Vulnerability CVE-2020-17049: Information
Description
<p>A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD).</p> <p>To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that is not valid for delegation to force the KDC to accept it.</p> <p>The update addresses this vulnerability by changing how the KDC validates service tickets used with KCD.</p>
Severity: MEDIUM (6.6) Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| samba | sisyphus | 4.14.9-alt1 | 4.19.6-alt1 | ALT-PU-2021-3227-1 | 288702 | Fixed |
| samba | sisyphus_e2k | 4.14.10-alt2 | 4.19.6-alt1 | ALT-PU-2021-4377-1 | - | Fixed |
| samba | p10 | 4.14.10-alt2 | 4.19.6-alt1 | ALT-PU-2021-3339-1 | 288704 | Fixed |
| samba | p9 | 4.14.10-alt2 | 4.14.10-alt2 | ALT-PU-2021-3470-1 | 288706 | Fixed |
| samba | p9_e2k | 4.14.10-alt2 | 4.14.10-alt2 | ALT-PU-2022-3841-1 | - | Fixed |
| samba | c10f1 | 4.14.10-alt2 | 4.16.11-alt2 | ALT-PU-2021-3339-1 | 288704 | Fixed |
| samba | c9f2 | 4.14.10-alt2 | 4.14.14-alt0.c9.1 | ALT-PU-2021-3296-1 | 289286 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17049 |
|
| [oss-security] 20211110 Fwd: Samba 4.15.2, 4.14.10, 4.13.14 Security Releases are available for Download |
|
| GLSA-202309-06 |