CVE-2020-25719

Description

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.

Risk Information

Base Score: 7.2 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.2

Associated Vulnerability

Vulnerability | OS Platform
samba security update (DSA-5003-1) samba_4.13.13+dfsg-1~deb11u2_amd64.deb | Linux
SMB/CIFS file, print, and login server for Unix (USN-5142-1) samba_4.13.14+dfsg-0ubuntu0.20.04.1_amd64.deb | Linux
SMB/CIFS file, print, and login server for Unix (USN-5142-1) samba_4.13.14+dfsg-0ubuntu0.21.04.1_amd64.deb | Linux
SMB/CIFS file, print, and login server for Unix (USN-5142-1) samba_4.13.14+dfsg-0ubuntu0.21.10.1_amd64.deb | Linux
(RHSA-2021:5142) idm:DL1 security update ipa-client-4.9.6-10.module+el8.5.0+13587+92118e57.x86_64.rpm | Linux
(RHSA-2021:5142) idm:DL1 security update ipa-client-common-4.9.6-10.module+el8.5.0+13587+92118e57.noarch.rpm | Linux
(RHSA-2021:5142) idm:DL1 security update ipa-client-epn-4.9.6-10.module+el8.5.0+13587+92118e57.x86_64.rpm | Linux
(RHSA-2021:5142) idm:DL1 security update ipa-client-samba-4.9.6-10.module+el8.5.0+13587+92118e57.x86_64.rpm | Linux
(RHSA-2021:5142) idm:DL1 security update ipa-common-4.9.6-10.module+el8.5.0+13587+92118e57.noarch.rpm | Linux
(RHSA-2021:5142) idm:DL1 security update ipa-debugsource-4.9.6-10.module+el8.5.0+13587+92118e57.x86_64.rpm | Linux
(RHSA-2021:5142) idm:DL1 security update ipa-healthcheck-0.7-6.module+el8.5.0+11410+91a33fe4.noarch.rpm | Linux
(RHSA-2021:5142) idm:DL1 security update ipa-healthcheck-core-0.7-6.module+el8.5.0+11410+91a33fe4.noarch.rpm | Linux
(RHSA-2021:5142) idm:DL1 security update ipa-python-compat-4.9.6-10.module+el8.5.0+13587+92118e57.noarch.rpm | Linux
(RHSA-2021:5142) idm:DL1 security update ipa-selinux-4.9.6-10.module+el8.5.0+13587+92118e57.noarch.rpm | Linux
(RHSA-2021:5142) idm:DL1 security update ipa-server-4.9.6-10.module+el8.5.0+13587+92118e57.x86_64.rpm | Linux
(RHSA-2021:5142) idm:DL1 security update ipa-server-common-4.9.6-10.module+el8.5.0+13587+92118e57.noarch.rpm | Linux
(RHSA-2021:5142) idm:DL1 security update ipa-server-dns-4.9.6-10.module+el8.5.0+13587+92118e57.noarch.rpm | Linux
(RHSA-2021:5142) idm:DL1 security update ipa-server-trust-ad-4.9.6-10.module+el8.5.0+13587+92118e57.x86_64.rpm | Linux
(RHSA-2021:5142) idm:DL1 security update python3-ipaclient-4.9.6-10.module+el8.5.0+13587+92118e57.noarch.rpm | Linux
(RHSA-2021:5142) idm:DL1 security update python3-ipalib-4.9.6-10.module+el8.5.0+13587+92118e57.noarch.rpm | Linux
(RHSA-2021:5142) idm:DL1 security update python3-ipaserver-4.9.6-10.module+el8.5.0+13587+92118e57.noarch.rpm | Linux
(RHSA-2021:5142) idm:DL1 security update python3-ipatests-4.9.6-10.module+el8.5.0+13587+92118e57.noarch.rpm | Linux
(RHSA-2021:5142) idm:DL1 security update slapi-nis-0.56.6-4.module+el8.5.0+12583+bf7ffcf6.x86_64.rpm | Linux
(RHSA-2021:5142) idm:DL1 security update slapi-nis-debugsource-0.56.6-4.module+el8.5.0+12583+bf7ffcf6.x86_64.rpm | Linux
Bind-dyndb-ldap update (ELSA-2021-5142) bind-dyndb-ldap-11.6-2.module+el8.4.0+20088+3d202164.x86_64.rpm | Linux
Custodia update (ELSA-2021-5142) custodia-0.6.0-3.module+el8.3.0+7868+2151076c.noarch.rpm | Linux
Ipa-client update (ELSA-2021-5142) ipa-client-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e.x86_64.rpm | Linux
Ipa-client-common update (ELSA-2021-5142) ipa-client-common-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e.noarch.rpm | Linux
Ipa-client-epn update (ELSA-2021-5142) ipa-client-epn-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e.x86_64.rpm | Linux
Ipa-client-samba update (ELSA-2021-5142) ipa-client-samba-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e.x86_64.rpm | Linux
Ipa-common update (ELSA-2021-5142) ipa-common-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e.noarch.rpm | Linux
Ipa-healthcheck update (ELSA-2021-5142) ipa-healthcheck-0.7-6.module+el8.5.0+20379+1b4496cf.noarch.rpm | Linux
Ipa-healthcheck-core update (ELSA-2021-5142) ipa-healthcheck-core-0.7-6.module+el8.5.0+20379+1b4496cf.noarch.rpm | Linux
Ipa-python-compat update (ELSA-2021-5142) ipa-python-compat-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e.noarch.rpm | Linux
Ipa-selinux update (ELSA-2021-5142) ipa-selinux-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e.noarch.rpm | Linux
Ipa-server update (ELSA-2021-5142) ipa-server-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e.x86_64.rpm | Linux
Ipa-server-common update (ELSA-2021-5142) ipa-server-common-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e.noarch.rpm | Linux
Ipa-server-dns update (ELSA-2021-5142) ipa-server-dns-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e.noarch.rpm | Linux
Ipa-server-trust-ad update (ELSA-2021-5142) ipa-server-trust-ad-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e.x86_64.rpm | Linux
Opendnssec update (ELSA-2021-5142) opendnssec-2.1.7-1.module+el8.4.0+20088+3d202164.x86_64.rpm | Linux
Python3-custodia update (ELSA-2021-5142) python3-custodia-0.6.0-3.module+el8.3.0+7868+2151076c.noarch.rpm | Linux
Python3-ipaclient update (ELSA-2021-5142) python3-ipaclient-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e.noarch.rpm | Linux
Python3-ipalib update (ELSA-2021-5142) python3-ipalib-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e.noarch.rpm | Linux
Python3-ipaserver update (ELSA-2021-5142) python3-ipaserver-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e.noarch.rpm | Linux
Python3-ipatests update (ELSA-2021-5142) python3-ipatests-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e.noarch.rpm | Linux
Python3-jwcrypto update (ELSA-2021-5142) python3-jwcrypto-0.5.0-1.module+el8.3.0+7868+2151076c.noarch.rpm | Linux
Python3-kdcproxy update (ELSA-2021-5142) python3-kdcproxy-0.4-5.module+el8.3.0+7868+2151076c.noarch.rpm | Linux
Python3-pyusb update (ELSA-2021-5142) python3-pyusb-1.0.0-9.module+el8.3.0+7868+2151076c.noarch.rpm | Linux
Python3-qrcode update (ELSA-2021-5142) python3-qrcode-5.1-12.module+el8.3.0+7868+2151076c.noarch.rpm | Linux
Python3-qrcode-core update (ELSA-2021-5142) python3-qrcode-core-5.1-12.module+el8.3.0+7868+2151076c.noarch.rpm | Linux
Python3-yubico update (ELSA-2021-5142) python3-yubico-1.3.2-9.module+el8.3.0+7868+2151076c.noarch.rpm | Linux
Slapi-nis update (ELSA-2021-5142) slapi-nis-0.56.6-4.module+el8.5.0+20418+88e16a2c.x86_64.rpm | Linux
Softhsm update (ELSA-2021-5142) softhsm-2.6.0-5.module+el8.4.0+20161+5ecb5b37.x86_64.rpm | Linux
Softhsm-devel update (ELSA-2021-5142) softhsm-devel-2.6.0-5.module+el8.4.0+20161+5ecb5b37.x86_64.rpm | Linux
(RHSA-2021:5195) ipa security and bug fix update ipa-client-4.6.8-5.el7_9.10.x86_64.rpm | Linux
(RHSA-2021:5195) ipa security and bug fix update ipa-client-common-4.6.8-5.el7_9.10.noarch.rpm | Linux
(RHSA-2021:5195) ipa security and bug fix update ipa-common-4.6.8-5.el7_9.10.noarch.rpm | Linux
(RHSA-2021:5195) ipa security and bug fix update ipa-python-compat-4.6.8-5.el7_9.10.noarch.rpm | Linux
(RHSA-2021:5195) ipa security and bug fix update ipa-server-4.6.8-5.el7_9.10.x86_64.rpm | Linux
(RHSA-2021:5195) ipa security and bug fix update ipa-server-common-4.6.8-5.el7_9.10.noarch.rpm | Linux
(RHSA-2021:5195) ipa security and bug fix update ipa-server-dns-4.6.8-5.el7_9.10.noarch.rpm | Linux
(RHSA-2021:5195) ipa security and bug fix update ipa-server-trust-ad-4.6.8-5.el7_9.10.x86_64.rpm | Linux
(RHSA-2021:5195) ipa security and bug fix update python2-ipaclient-4.6.8-5.el7_9.10.noarch.rpm | Linux
(RHSA-2021:5195) ipa security and bug fix update python2-ipalib-4.6.8-5.el7_9.10.noarch.rpm | Linux
(RHSA-2021:5195) ipa security and bug fix update python2-ipaserver-4.6.8-5.el7_9.10.noarch.rpm | Linux
Ipa-client update (ELSA-2021-5195) ipa-client-4.6.8-5.0.1.el7_9.10.x86_64.rpm | Linux
Ipa-client-common update (ELSA-2021-5195) ipa-client-common-4.6.8-5.0.1.el7_9.10.noarch.rpm | Linux
Ipa-common update (ELSA-2021-5195) ipa-common-4.6.8-5.0.1.el7_9.10.noarch.rpm | Linux
Ipa-python-compat update (ELSA-2021-5195) ipa-python-compat-4.6.8-5.0.1.el7_9.10.noarch.rpm | Linux
Ipa-server update (ELSA-2021-5195) ipa-server-4.6.8-5.0.1.el7_9.10.x86_64.rpm | Linux
Ipa-server-common update (ELSA-2021-5195) ipa-server-common-4.6.8-5.0.1.el7_9.10.noarch.rpm | Linux
Ipa-server-dns update (ELSA-2021-5195) ipa-server-dns-4.6.8-5.0.1.el7_9.10.noarch.rpm | Linux
Ipa-server-trust-ad update (ELSA-2021-5195) ipa-server-trust-ad-4.6.8-5.0.1.el7_9.10.x86_64.rpm | Linux
Python2-ipaclient update (ELSA-2021-5195) python2-ipaclient-4.6.8-5.0.1.el7_9.10.noarch.rpm | Linux
Python2-ipalib update (ELSA-2021-5195) python2-ipalib-4.6.8-5.0.1.el7_9.10.noarch.rpm | Linux
Python2-ipaserver update (ELSA-2021-5195) python2-ipaserver-4.6.8-5.0.1.el7_9.10.noarch.rpm | Linux
(RHSA-2021:5142) Moderate: security update bind-dyndb-ldap-11.6-2.module+el8.4.0+9328+4ec4e316.x86_64.rpm | Linux
(RHSA-2021:5142) Moderate: security update bind-dyndb-ldap-debuginfo-11.6-2.module+el8.4.0+9328+4ec4e316.x86_64.rpm | Linux
(RHSA-2021:5142) Moderate: security update bind-dyndb-ldap-debugsource-11.6-2.module+el8.4.0+9328+4ec4e316.x86_64.rpm | Linux
(RHSA-2021:5142) Moderate: security update custodia-0.6.0-3.module+el8.1.0+4098+f286395e.noarch.rpm | Linux
(RHSA-2021:5142) Moderate: security update ipa-client-debuginfo-4.9.6-10.module+el8.5.0+13587+92118e57.x86_64.rpm | Linux
(RHSA-2021:5142) Moderate: security update ipa-debuginfo-4.9.6-10.module+el8.5.0+13587+92118e57.x86_64.rpm | Linux
(RHSA-2021:5142) Moderate: security update ipa-server-debuginfo-4.9.6-10.module+el8.5.0+13587+92118e57.x86_64.rpm | Linux
(RHSA-2021:5142) Moderate: security update ipa-server-trust-ad-debuginfo-4.9.6-10.module+el8.5.0+13587+92118e57.x86_64.rpm | Linux
(RHSA-2021:5142) Moderate: security update opendnssec-2.1.7-1.module+el8.4.0+9007+5084bdd8.x86_64.rpm | Linux
(RHSA-2021:5142) Moderate: security update opendnssec-debuginfo-2.1.7-1.module+el8.4.0+9007+5084bdd8.x86_64.rpm | Linux
(RHSA-2021:5142) Moderate: security update opendnssec-debugsource-2.1.7-1.module+el8.4.0+9007+5084bdd8.x86_64.rpm | Linux
(RHSA-2021:5142) Moderate: security update python3-custodia-0.6.0-3.module+el8.1.0+4098+f286395e.noarch.rpm | Linux
(RHSA-2021:5142) Moderate: security update python3-jwcrypto-0.5.0-1.module+el8.1.0+4098+f286395e.noarch.rpm | Linux
(RHSA-2021:5142) Moderate: security update python3-kdcproxy-0.4-5.module+el8.2.0+4691+a05b2456.noarch.rpm | Linux
(RHSA-2021:5142) Moderate: security update python3-pyusb-1.0.0-9.module+el8.1.0+4098+f286395e.noarch.rpm | Linux
(RHSA-2021:5142) Moderate: security update python3-qrcode-5.1-12.module+el8.1.0+4098+f286395e.noarch.rpm | Linux
(RHSA-2021:5142) Moderate: security update python3-qrcode-core-5.1-12.module+el8.1.0+4098+f286395e.noarch.rpm | Linux
(RHSA-2021:5142) Moderate: security update python3-yubico-1.3.2-9.module+el8.1.0+4098+f286395e.noarch.rpm | Linux
(RHSA-2021:5142) Moderate: security update slapi-nis-debuginfo-0.56.6-4.module+el8.5.0+12583+bf7ffcf6.x86_64.rpm | Linux
(RHSA-2021:5142) Moderate: security update softhsm-2.6.0-5.module+el8.4.0+10227+076cd560.x86_64.rpm | Linux
(RHSA-2021:5142) Moderate: security update softhsm-debuginfo-2.6.0-5.module+el8.4.0+10227+076cd560.x86_64.rpm | Linux
(RHSA-2021:5142) Moderate: security update softhsm-debugsource-2.6.0-5.module+el8.4.0+10227+076cd560.x86_64.rpm | Linux
(RHSA-2021:5142) Moderate: security update softhsm-devel-2.6.0-5.module+el8.4.0+10227+076cd560.x86_64.rpm | Linux
idm:DL1 security update (RLSA-2021:5142) softhsm-2.6.0-5.module+el8.4.0+429+6bd33fea.x86_64.rpm | Linux
idm:DL1 security update (RLSA-2021:5142) custodia-0.6.0-3.module+el8.4.0+429+6bd33fea.noarch.rpm | Linux
idm:DL1 security update (RLSA-2021:5142) slapi-nis-0.56.6-4.module+el8.6.0+796+128eec25.x86_64.rpm | Linux
idm:DL1 security update (RLSA-2021:5142) opendnssec-2.1.7-1.module+el8.4.0+429+6bd33fea.x86_64.rpm | Linux
idm:DL1 security update (RLSA-2021:5142) softhsm-devel-2.6.0-5.module+el8.4.0+429+6bd33fea.x86_64.rpm | Linux
idm:DL1 security update (RLSA-2021:5142) python3-qrcode-5.1-12.module+el8.4.0+429+6bd33fea.noarch.rpm | Linux
idm:DL1 security update (RLSA-2021:5142) python3-custodia-0.6.0-3.module+el8.4.0+429+6bd33fea.noarch.rpm | Linux
idm:DL1 security update (RLSA-2021:5142) python3-qrcode-core-5.1-12.module+el8.4.0+429+6bd33fea.noarch.rpm | Linux

Patch Details

No records found
