vulnerability

Red Hat: CVE-2020-25719: CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:C/A:C)	Dec 15, 2021	Dec 16, 2021	Aug 11, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

Dec 15, 2021

Added

Dec 16, 2021

Modified

Aug 11, 2025

Description

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.

Solutions

redhat-upgrade-bind-dyndb-ldapredhat-upgrade-bind-dyndb-ldap-debuginforedhat-upgrade-bind-dyndb-ldap-debugsourceredhat-upgrade-custodiaredhat-upgrade-ipa-clientredhat-upgrade-ipa-client-commonredhat-upgrade-ipa-client-debuginforedhat-upgrade-ipa-client-epnredhat-upgrade-ipa-client-sambaredhat-upgrade-ipa-commonredhat-upgrade-ipa-debuginforedhat-upgrade-ipa-debugsourceredhat-upgrade-ipa-healthcheckredhat-upgrade-ipa-healthcheck-coreredhat-upgrade-ipa-idoverride-memberof-pluginredhat-upgrade-ipa-python-compatredhat-upgrade-ipa-selinuxredhat-upgrade-ipa-serverredhat-upgrade-ipa-server-commonredhat-upgrade-ipa-server-debuginforedhat-upgrade-ipa-server-dnsredhat-upgrade-ipa-server-trust-adredhat-upgrade-ipa-server-trust-ad-debuginforedhat-upgrade-opendnssecredhat-upgrade-opendnssec-debuginforedhat-upgrade-opendnssec-debugsourceredhat-upgrade-python2-ipaclientredhat-upgrade-python2-ipalibredhat-upgrade-python2-ipaserverredhat-upgrade-python3-custodiaredhat-upgrade-python3-ipaclientredhat-upgrade-python3-ipalibredhat-upgrade-python3-ipaserverredhat-upgrade-python3-ipatestsredhat-upgrade-python3-jwcryptoredhat-upgrade-python3-kdcproxyredhat-upgrade-python3-pyusbredhat-upgrade-python3-qrcoderedhat-upgrade-python3-qrcode-coreredhat-upgrade-python3-yubicoredhat-upgrade-slapi-nisredhat-upgrade-slapi-nis-debuginforedhat-upgrade-slapi-nis-debugsourceredhat-upgrade-softhsmredhat-upgrade-softhsm-debuginforedhat-upgrade-softhsm-debugsourceredhat-upgrade-softhsm-devel

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today