2019764 – (CVE-2020-25722) CVE-2020-25722 samba: Samba AD DC did not do sufficient access and conformance checking of data stored

Bug 2019764 (CVE-2020-25722) - CVE-2020-25722 samba: Samba AD DC did not do sufficient access and conformance checking of data stored

Summary: CVE-2020-25722 samba: Samba AD DC did not do sufficient access and conformanc...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2020-25722
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2021721
Blocks:	1976705 2022415
TreeView+	depends on / blocked

Reported:	2021-11-03 10:25 UTC by Huzaifa S. Sidhpurwala
Modified:	2021-11-11 15:14 UTC (History)
CC List:	17 users (show)
Fixed In Version:	samba 4.15.2, samba 4.14.10, samba 4.13.14
Doc Type:	If docs needed, set a value
Doc Text:	Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise.
Clone Of:
Environment:
Last Closed:	2021-11-10 03:21:41 UTC
Embargoed:

Attachments	(Terms of Use)

Description Huzaifa S. Sidhpurwala 2021-11-03 10:25:35 UTC

As per upstream advisory:

Samba as an Active Directory Domain Controller has to take care to protect a number of sensitive attributes, and to follow a security model from Active Directory that relies totally on the intersection of NT security descriptors and the underlying X.500 Directory Access Protocol (as then expressed in LDAP) schema constraints for security.

Some attributes in Samba AD are sensitive, they apply to one object but protect others.

Users who can set msDS-AllowedToDelegateTo can become any user in the domain on the server pointed at by this list.  Likewise in a domain mixed with Microsoft Windows, Samba's lack of protection of sidHistory would be a similar issue.

This would be limited to users with the right to create users or modify them (typically those who created them), however, due to other flaws, all users are able to create new user objects.

Comment 1 Huzaifa S. Sidhpurwala 2021-11-10 02:57:27 UTC

Created samba tracking bugs for this issue:

Affects: fedora-all [bug 2021721]

Comment 2 Product Security DevOps Team 2021-11-10 03:21:39 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-25722

Note You need to log in before you can comment on or make changes to this bug.