samba -- Multiple Vulnerabilities
The Samba Team reports:
- CVE-2020-25717: A user in an AD Domain could become root on domain
- CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued by an RODC.
- CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets.
- CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers (e.g. objectSid).
- CVE-2020-25722: Samba AD DC did not do sufficient access and conformance checking of data stored.
- CVE-2016-2124: SMB1 client connections can be downgraded to plaintext
- CVE-2021-3738: Use after free in Samba AD DC RPC server.
- CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright