The Samba-Bugzilla – Attachment 18607 Details for
Bug 15707
[SECURITY] CVE-2025-0620: smbd doesn't pick up group membership changes when re-authenticating an expired SMB session
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Advisory CVE-2025-0620 v2
advisory-CVE-2025-0620-v2.txt (text/plain), 2.03 KB, created by
Ralph Böhme
on 2025-03-14 15:09:20 UTC
(
hide
)
Description:
Advisory CVE-2025-0620 v2
Filename:
MIME Type:
Creator:
Ralph Böhme
Created:
2025-03-14 15:09:20 UTC
Size:
2.03 KB
patch
obsolete
>=========================================================== >== Subject: smbd doesn't pick up group membership changes >== when re-authenticating an expired SMB session >== >== CVE ID#: CVE-2025-0620 >== >== Versions: All versions starting with 4.21.0 >== >== Summary: When using Kerberos authentication with SMB, >== smbd doesn't pick up group membership changes >== when re-authenticating an expired SMB session >=========================================================== > >=========== >Description >=========== > >With Kerberos authentication SMB sessions typically have an >associated lifetime, requiring re-authentication by the >client when the session expires. As part of the >re-authentication, Samba receives the current group >membership information and is expected to reflect this >change in further SMB request processing. > >For historic reasons, Samba maintains a cache of >associations between a user's impersonation information and >connected shares. A recent change in this cache caused Samba >to not reflect group membership changes from session >re-authentication when processing further SMB requests. > >As a result, when an administrator removes a user from a >particular group in Active Directory, this change will not >become effective unless the user disconnects from the server >and establishes a new connection. > >================== >Patch Availability >================== > >The Samba Team decided not to issue a dedicated security release, >see https://wiki.samba.org/index.php/Samba_Security_Process. > >See https://bugzilla.samba.org/show_bug.cgi?id=15707 > >================== >CVSSv4 calculation >================== > >CVSS 4.0: AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/R:I/V:C/RE:L (7) > >========== >Workaround >========== > >None. > >======= >Credits >======= > >Originally reported by Anoop C S of the Samba Team. > >Patch provided by Ralph Boehme of the Samba team. > >========================================================== >== Our Code, Our Bugs, Our Responsibility. >== The Samba Team >==========================================================
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=18607">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
anoopcs
:
review+
metze
:
review+
Actions:
View
Attachments on
bug 15707
:
18431
|
18432
|
18526
|
18606
| 18607 |
18644
|
18645
|
18646