VDB
CVE-2020-25721
CVE-2020-25721
PUBLISHED
Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.
EPSS 0.37% · 58.8th percentile
Risk Scores
EPSS Score
0.37%
58.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:18.04:LTS | samba | *, *, * |
| Ubuntu:Pro:16.04:LTS | samba | 2:4.3.11+dfsg-0ubuntu0.16.04.30, 2:4.3.11+dfsg-0ubuntu0.16.04.31, 2:4.3.11+dfsg-0ubuntu0.16.04.32 |
| Ubuntu:22.04:LTS | samba | 2:4.13.5+dfsg-2ubuntu2, 2:4.13.5+dfsg-2ubuntu3, 0 |
| Ubuntu:20.04:LTS | samba | 2:4.11.6+dfsg-0ubuntu1.6, 2:4.11.6+dfsg-0ubuntu1.5, 2:4.11.6+dfsg-0ubuntu1.4 |
| Ubuntu:Pro:14.04:LTS | samba | 2:4.3.11+dfsg-0ubuntu0.14.04.2, *, * |
Timeline
- Nov 9, 2021 CVE Published
- Mar 17, 2022 EPSS Score
- May 7, 2022 EPSS Score
- Jun 27, 2022 EPSS Score
- Oct 8, 2022 EPSS Score
- Nov 29, 2022 EPSS Score
- Jan 19, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
- May 1, 2023 EPSS Score
- Aug 11, 2023 EPSS Score
- Oct 1, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-25721 third-party-advisory
- https://www.samba.org/samba/security/CVE-2020-25721.html third-party-advisory
- https://www.samba.org/samba/history/samba-4.13.14.html third-party-advisory
- https://ubuntu.com/security/notices/USN-5142-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-25721 third-party-advisory