Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2020-25719

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.

  • Published: Feb 18, 2022
  • Updated: Apr 14, 2023
  • CVE: CVE-2020-25719
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.2
  • AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 9
  • AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

Software From Fixed in
samba / samba 4.15.0 4.15.2
samba / samba 4.14.0 4.14.10
samba / samba 4.0.0 4.13.14
debian / debian_linux 9.0 9.0.x
debian / debian_linux 10.0 10.0.x
fedoraproject / fedora 33 33.x
fedoraproject / fedora 34 34.x
fedoraproject / fedora 35 35.x
canonical / ubuntu_linux 20.04 20.04.x
canonical / ubuntu_linux 21.04 21.04.x
canonical / ubuntu_linux 21.10 21.10.x
redhat / enterprise_linux_desktop 7.0 7.0.x
redhat / enterprise_linux_workstation 7.0 7.0.x
redhat / enterprise_linux_for_scientific_computing 7.0 7.0.x
redhat / enterprise_linux 7.0 7.0.x
redhat / enterprise_linux_for_power_little_endian 7.0 7.0.x
redhat / enterprise_linux_for_power_big_endian 7.0 7.0.x
redhat / enterprise_linux_for_ibm_z_systems 7.0 7.0.x
redhat / enterprise_linux 8.0 8.0.x
redhat / enterprise_linux_eus 8.2 8.2.x
redhat / enterprise_linux_server_tus 8.2 8.2.x
redhat / enterprise_linux_server_aus 8.2 8.2.x
redhat / enterprise_linux_server_tus 8.4 8.4.x
redhat / enterprise_linux_eus 8.4 8.4.x
redhat / enterprise_linux_server_aus 8.4 8.4.x
redhat / enterprise_linux_server_update_services_for_sap_solutions 8.2 8.2.x
redhat / enterprise_linux_server_update_services_for_sap_solutions 8.4 8.4.x
redhat / enterprise_linux_for_power_little_endian_eus 8.2 8.2.x
redhat / enterprise_linux_for_ibm_z_systems_eus 8.2 8.2.x
redhat / enterprise_linux_for_power_little_endian 8.0 8.0.x
redhat / enterprise_linux_for_ibm_z_systems_eus 8.4 8.4.x
redhat / enterprise_linux_for_ibm_z_systems 8.0 8.0.x
redhat / enterprise_linux_for_power_little_endian_eus 8.4 8.4.x