The Samba-Bugzilla – Attachment 16917 Details for Bug 14558
CVE-2020-25718 [SECURITY] An RODC can issue (forge) administrator tickets to other servers
Attachment: initial advisory (v01)
Filename: CVE-2020-25718-advisory-v1.txt
MIME Type: text/plain
Creator: Andrew Bartlett
Created: 2021-11-02 10:06:42 UTC
Size: 2.02 KB
Flags: patch, obsolete
===========================================================
== Subject: Samba AD DC did not correctly sandbox
== Kerberos tickets issued by an RODC.
==
== CVE ID#: CVE-2020-25718
==
== Versions: Samba 4.0.0 and later
==
== Summary: The Samba AD DC, when joined by an RODC, did
== not confirm if the RODC was allowed to print a
== ticket for that user.
===========================================================

===========
Description
===========

Samba as an Active Directory Domain Controller is able to support an
RODC, which is meant to have minimal privileges in a domain.

However, in accepting a ticket from a Samba or Windows RODC, Samba
was not confirming that the RODC is authorized to print such a ticket,
via the msDS-NeverRevealGroup and msDS-RevealOnDemandGroup (typically
"Allowed RODC Replication Group" and "Denied RODC Replication
Group").

This would allow an RODC to print administrator tickets.

==================
Patch Availability
==================

Patches addressing this issue have been posted to:

   https://www.samba.org/samba/security/

Additionally, Samba 4.15.2, 4.14.10 and 4.13.14 have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

==================
CVSSv3 calculation
==================

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (7.5)

==========
Workaround
==========


=======
Credits
=======

Originally reported by Andrew Bartlett.

Patches provided by:
 - Andrew Bartlett of Catalyst and the Samba Team.
 - Douglas Bagnall of Catalyst and the Samba Team.
 - Joseph Sutton of Catalyst and the Samba Team.

Catalyst wishes to thank Univention Gmbh in particular for their
support towards the production of this fix.

Advisory written by Andrew Bartlett of Catalyst

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================
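The check the advisory says was missing, written out as an added Python example (this is not Samba's code and not the patch itself): a KDC that receives a ticket issued under an RODC's krbtgt key should only honour it if that RODC was entitled to hold the named user's secrets, as decided by msDS-RevealOnDemandGroup and msDS-NeverRevealGroup on the RODC's computer object. Assumptions made here that the advisory does not state: nested group membership is expanded transitively; the never-reveal (deny) list overrides the reveal-on-demand (allow) list, as in the Windows password replication policy; the RODC krbtgt account name krbtgt_12345 is a placeholder; and every DN in the sample directory is constructed.

```python
"""Added example, not Samba code: the authorization decision a KDC should make
before honouring a ticket that an RODC's krbtgt account issued.

Assumptions made here (not stated in the advisory):
  * group membership is expanded transitively (nested groups count);
  * msDS-NeverRevealGroup (deny) overrides msDS-RevealOnDemandGroup (allow),
    as in the Windows password replication policy;
  * the RODC krbtgt account is named krbtgt_12345 (placeholder) and all DNs
    below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set, Tuple


@dataclass(frozen=True)
class RodcPolicy:
    """The two reveal attributes read from an RODC's computer object."""
    reveal_on_demand: FrozenSet[str]  # msDS-RevealOnDemandGroup (allow list)
    never_reveal: FrozenSet[str]      # msDS-NeverRevealGroup (deny list)


def transitive_groups(dn: str, member_of: Dict[str, Set[str]]) -> Set[str]:
    """All groups a principal belongs to, following nested membership; cycle-safe."""
    seen: Set[str] = set()
    todo = list(member_of.get(dn, ()))
    while todo:
        group = todo.pop()
        if group in seen:
            continue
        seen.add(group)
        todo.extend(member_of.get(group, ()))
    return seen


def rodc_may_reveal(user_dn: str, policy: RodcPolicy,
                    member_of: Dict[str, Set[str]]) -> Tuple[bool, str]:
    """Is this RODC entitled to hold the user's secrets, and so to issue tickets for them?

    The reveal attributes may name the principal directly or one of its groups,
    so the principal's own DN is checked alongside its transitive groups.
    Deny wins over allow (assumed Windows PRP semantics).
    """
    identities = {user_dn} | transitive_groups(user_dn, member_of)
    denied = identities & policy.never_reveal
    if denied:
        return False, "denied via " + sorted(denied)[0]
    allowed = identities & policy.reveal_on_demand
    if allowed:
        return True, "allowed via " + sorted(allowed)[0]
    return False, "not covered by any reveal-on-demand entry"


def accept_rodc_issued_ticket(ticket: Dict[str, str],
                              policies: Dict[str, RodcPolicy],
                              member_of: Dict[str, Set[str]]) -> Tuple[bool, str]:
    """Decision for a ticket encrypted in the key of ticket['issuer'].

    Tickets from the domain's own krbtgt are not subject to the RODC sandbox;
    tickets from an RODC krbtgt are honoured only if the RODC could have
    legitimately held that user's secrets. An issuer the KDC does not know
    is rejected rather than trusted.
    """
    issuer = ticket["issuer"]
    if issuer == "krbtgt":
        return True, "issued by the full DC krbtgt"
    policy = policies.get(issuer)
    if policy is None:
        return False, "unknown RODC krbtgt account " + issuer
    return rodc_may_reveal(ticket["cname"], policy, member_of)


# --- constructed sample directory (not real data) ---------------------------
BASE = "CN=Users,DC=example,DC=com"
ALLOWED = "CN=Allowed RODC Password Replication Group," + BASE
DENIED = "CN=Denied RODC Password Replication Group," + BASE
DOMAIN_ADMINS = "CN=Domain Admins," + BASE
BRANCH = "CN=Branch Staff," + BASE
ALICE = "CN=alice," + BASE
BOB = "CN=bob," + BASE
CAROL = "CN=carol," + BASE

MEMBER_OF: Dict[str, Set[str]] = {
    ALICE: {BRANCH},                  # ordinary branch user
    BOB: {BRANCH, DOMAIN_ADMINS},     # admin who also sits in the branch group
    BRANCH: {ALLOWED},                # branch staff may be cached on the RODC
    DOMAIN_ADMINS: {DENIED},          # admins never may
}

# Placeholder RODC krbtgt account name, keyed to its reveal policy.
RODC_POLICIES = {
    "krbtgt_12345": RodcPolicy(frozenset({ALLOWED}), frozenset({DENIED})),
}


if __name__ == "__main__":
    for issuer, cname in [("krbtgt_12345", ALICE), ("krbtgt_12345", BOB),
                          ("krbtgt_12345", CAROL), ("krbtgt_99999", ALICE),
                          ("krbtgt", BOB)]:
        ok, why = accept_rodc_issued_ticket({"issuer": issuer, "cname": cname},
                                            RODC_POLICIES, MEMBER_OF)
        verdict = "ACCEPT" if ok else "REJECT"
        print(f"{issuer:13} {cname.split(',')[0]:10} {verdict}: {why}")
```

The important case is bob: he is in a group the RODC may cache, but he is also a Domain Admin, and the deny list is consulted first, so a ticket for him that bears an RODC's krbtgt key is refused. That refusal is the sandbox the advisory says Samba was not enforcing.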