{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-25717", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-04T15:40:36.637Z", "dateReserved": "2020-09-16T00:00:00", "datePublished": "2022-02-18T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-09-17T08:06:17.315137"}, "descriptions": [{"lang": "en", "value": "A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation."}], "affected": [{"vendor": "n/a", "product": "samba", "versions": [{"version": "samba 4.15.2, samba 4.14.10, samba 4.13.14", "status": "affected"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019672"}, {"url": "https://www.samba.org/samba/security/CVE-2020-25717.html"}, {"name": "GLSA-202309-06", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202309-06"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-20", "cweId": "CWE-20"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:40:36.637Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019672", "tags": ["x_transferred"]}, {"url": "https://www.samba.org/samba/security/CVE-2020-25717.html", "tags": ["x_transferred"]}, {"name": "GLSA-202309-06", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202309-06"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA32EB89-D016-4181-94A6-66872DF23385", "versionEndExcluding": "4.13.14", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2BD5F53-14DC-4BBF-8E5D-A1DBD24B5F02", "versionEndExcluding": "4.14.10", "versionStartIncluding": "4.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F33C9B3-33EE-431B-93CF-B738D05BBD0A", "versionEndExcluding": "4.15.2", "versionStartIncluding": "4.15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CD81C46-328B-412D-AF4E-68A2AD2F1A73", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:gluster_storage:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1986832-44C9-491E-A75D-AAD8FAE683E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:gluster_storage:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "135265D8-583D-41EB-B741-419FC871CE91", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "matchCriteriaId": "704CFA1A-953E-4105-BFBE-406034B83DED", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:16.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9D3F4FF-AD3D-4D17-93E8-84CAFCED2F59", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:16.2:*:*:*:*:*:*:*", "matchCriteriaId": "307846C3-F2B3-4E0D-AA31-BCC1444589F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "566507B6-AC95-47F7-A3FB-C6F414E45F51", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "87C21FE1-EA5C-498F-9C6C-D05F91A88217", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0AB105EC-19F9-424A-86F1-305A6FD74A9C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "8C9BD9AE-46FC-4609-8D99-A3CFE91D58D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1CDCFF34-6F1D-45A1-BE37-6A0E17B04801", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "47811209-5CE5-4375-8391-B0A7F6A0E420", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "E5C80DB2-4A78-4EC9-B2A8-1E4D902C4834", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "983533DD-3970-4A37-9A9C-582BD48AA1E5", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "37CE1DC7-72C5-483C-8921-0B462C8284D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_resilient_storage:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F66BE726-A258-42D7-B23A-925F50FDF449", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "3921C1CF-A16D-4727-99AD-03EFFA7C91CA", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "BC6DD887-9744-43EA-8B3C-44C6B6339590", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_tus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "9C24797C-0397-4D4F-ADC3-3B99095DBB35", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.04:*:*:*:*:*:*:*", "matchCriteriaId": "8EF1C1CC-3FAE-4DE3-BC41-E5B14D5721F4", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*", "matchCriteriaId": "AAE4D2D0-CEEB-416F-8BC5-A7987DF56190", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en la forma en que Samba mapea usuarios del dominio a usuarios locales. Un atacante autenticado podr\u00eda usar este fallo para causar una posible escalada de privilegios"}], "id": "CVE-2020-25717", "lastModified": "2023-09-17T09:15:08.730", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-18T18:15:08.393", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019672"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202309-06"}, {"source": "secalert@redhat.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.samba.org/samba/security/CVE-2020-25717.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Andrew Bartlett (Catalyst and the Samba Team) and the Samba project for reporting this issue.", "affected_release": [{"advisory": "RHSA-2021:5192", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "samba-0:4.10.16-17.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-12-16T00:00:00Z"}, {"advisory": "RHSA-2021:5082", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "samba-0:4.14.5-7.el8_5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-12-13T00:00:00Z"}, {"advisory": "RHSA-2021:5082", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "samba-0:4.14.5-7.el8_5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-12-13T00:00:00Z"}, {"advisory": "RHSA-2022:0074", "cpe": "cpe:/o:redhat:rhel_eus:8.2", "package": "samba-0:4.11.2-18.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-01-11T00:00:00Z"}, {"advisory": "RHSA-2022:0008", "cpe": "cpe:/o:redhat:rhel_eus:8.4", "package": "samba-0:4.13.3-8.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-01-04T00:00:00Z"}, {"advisory": "RHSA-2021:4844", "cpe": "cpe:/a:redhat:storage:3.5:samba:el7", "package": "samba-0:4.11.6-114.el7rhgs", "product_name": "Red Hat Gluster Storage 3.5 for RHEL 7", "release_date": "2021-11-29T00:00:00Z"}, {"advisory": "RHSA-2021:4843", "cpe": "cpe:/a:redhat:storage:3.5:samba:el8", "package": "samba-0:4.14.5-204.el8rhgs", "product_name": "Red Hat Gluster Storage 3.5 for RHEL 8", "release_date": "2021-11-29T00:00:00Z"}, {"advisory": "RHSA-2022:0443", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-virtualization-host-0:4.3.21-20220126.0.el7_9", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0133", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "redhat-virtualization-host-0:4.4.9-202201072228_8.5", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2022-01-12T00:00:00Z"}], "bugzilla": {"description": "samba: Active Directory (AD) domain user could become root on domain members", "id": "2019672", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019672"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "status": "verified"}, "cwe": "CWE-20", "details": ["A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.", "A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation."], "mitigation": {"lang": "en:us", "value": "Setting \"gensec:require_pac=true\" in the smb.conf makes, due to a cache prime in winbind, the DOMAIN\\user lookup succeed, provided nss_winbind is in use, 'winbind use default domain = no' (the default) and no error paths are hit. \nIt would be prudent to pre-create disabled users in Active Directory matching on all privileged names not held in Active Directory, eg \n~~~\nsamba-tool user add root -H ldap://$SERVER -U$USERNAME%$PASSWORD --random-password\nsamba-tool user add ubuntu -H ldap://$SERVER -U$USERNAME%$PASSWORD --random-password\n~~~\n(repeat for eg all system users under 1000 in /etc/passwd or special to any other AD-connected services, eg perhaps \"admin\" for a web-app)"}, "name": "CVE-2020-25717", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "samba4", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-11-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-25717\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25717\nhttps://www.samba.org/samba/security/CVE-2020-25717.html"], "threat_severity": "Important", "upstream_fix": "samba 4.15.2, samba 4.14.10, samba 4.13.14"}