A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This issue occurs because the administrator owns the object due to the lack of an Access Control List (ACL) at the time of creation and later being recognized as the 'creator owner.' The retained significant rights of the delegated administrator may not be well understood, potentially leading to unintended privilege escalation or security risks.
History

Sun, 17 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sun, 17 Nov 2024 10:30:00 +0000

Type Values Removed Values Added
Title samba: check attribute access rights for LDAP adds of computers Samba: check attribute access rights for ldap adds of computers
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Redhat storage
CPEs cpe:/a:redhat:openshift:4
cpe:/a:redhat:storage:3
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
Redhat storage
References

Wed, 21 Aug 2024 18:45:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This issue occurs because the administrator owns the object due to the lack of an Access Control List (ACL) at the time of creation and later being recognized as the 'creator owner.' The retained significant rights of the delegated administrator may not be well understood, potentially leading to unintended privilege escalation or security risks.

Tue, 20 Aug 2024 22:30:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title samba: check attribute access rights for LDAP adds of computers
Weaknesses CWE-264
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-11-17T10:17:07.511Z

Updated: 2024-11-21T20:51:52.457Z

Reserved: 2020-09-16T00:00:00.000Z

Link: CVE-2020-25720

cve-icon Vulnrichment

Updated: 2024-11-17T16:18:44.736Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-17T11:15:04.320

Modified: 2024-11-18T17:11:17.393

Link: CVE-2020-25720

cve-icon Redhat

Severity : Moderate

Publid Date: 2022-06-14T00:12:00Z

Links: CVE-2020-25720 - Bugzilla