nvd-json-data-feeds/CVE-2020/CVE-2020-257xx/CVE-2020-25719.json

{
  "id": "CVE-2020-25719",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2022-02-18T18:15:08.563",
  "lastModified": "2022-10-21T19:22:17.073",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un fallo en la forma en que Samba, como controlador de dominio de Active Directory, implementaba la autenticaci\u00f3n basada en nombres de Kerberos. El AD DC de Samba, pod\u00eda confundirse sobre el usuario que representa un ticket si no requer\u00eda estrictamente un PAC de Kerberos y siempre usaba los SIDs encontrados dentro. El resultado podr\u00eda incluir el compromiso total del dominio"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ]
    },
    {
      "source": "secalert@redhat.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "4.0.0",
              "versionEndExcluding": "4.13.14",
              "matchCriteriaId": "90E25F32-0EA6-4663-8031-D7473716820A"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "4.14.0",
              "versionEndExcluding": "4.14.10",
              "matchCriteriaId": "E2BD5F53-14DC-4BBF-8E5D-A1DBD24B5F02"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "4.15.0",
              "versionEndExcluding": "4.15.2",
              "matchCriteriaId": "8F33C9B3-33EE-431B-93CF-B738D05BBD0A"
            }
          ]
        }
      ]
    },
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
            }
          ]
        }
      ]
    },
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"
            }
          ]
        }
      ]
    },
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EF1C1CC-3FAE-4DE3-BC41-E5B14D5721F4"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE4D2D0-CEEB-416F-8BC5-A7987DF56190"
            }
          ]
        }
      ]
    },
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "566507B6-AC95-47F7-A3FB-C6F414E45F51"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "87C21FE1-EA5C-498F-9C6C-D05F91A88217"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AB105EC-19F9-424A-86F1-305A6FD74A9C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C9BD9AE-46FC-4609-8D99-A3CFE91D58D1"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CDCFF34-6F1D-45A1-BE37-6A0E17B04801"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "47811209-5CE5-4375-8391-B0A7F6A0E420"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5C80DB2-4A78-4EC9-B2A8-1E4D902C4834"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "983533DD-3970-4A37-9A9C-582BD48AA1E5"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37CE1DC7-72C5-483C-8921-0B462C8284D1"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3921C1CF-A16D-4727-99AD-03EFFA7C91CA"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC6DD887-9744-43EA-8B3C-44C6B6339590"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019732",
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://www.samba.org/samba/security/CVE-2020-25719.html",
      "source": "secalert@redhat.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ]
    }
  ]
}