Bug 15263 - [SECURITY] Samba should enforce CVE-2020-25720 CreateChild restrictions by default
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
Version: 4.17.3
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Depends on:
Blocks: 15244
Reported: 2022-12-13 08:57 UTC by Andrew Bartlett
Modified: 2022-12-22 07:00 UTC

Description Andrew Bartlett 2022-12-13 08:57:10 UTC
As reminded by https://twitter.com/brdpoker/status/1590066974104879110?cxt=HHwWjIDQiaHfhpEsAAAA 


Microsoft intends to enforce the changes in CVE-2021-42291 (which Samba fixed with bug 14810 and called CVE-2020-25720) sometime after April 2023.  

Currently the fixes for bug 14810 are only in master, so they will be released with Samba 4.18; we might choose to backport to 4.17 and enforce with 4.18.