Alpine: multiple ldb packages, multiple samba packages, pam-winbind: security update to 4.15.2-r0

high Tenable Cloud Security Plugin ID 424461

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-
based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did
not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total
domain compromise. (CVE-2020-25719)

- A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to
retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
(CVE-2016-2124)

- A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use
this flaw to cause possible privilege escalation. (CVE-2020-25717)

- A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC
(read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)

See Also

https://security.alpinelinux.org/vuln/CVE-2016-2124

https://security.alpinelinux.org/vuln/CVE-2020-25717

https://security.alpinelinux.org/vuln/CVE-2020-25718

https://security.alpinelinux.org/vuln/CVE-2020-25719

https://security.alpinelinux.org/vuln/CVE-2020-25721

https://security.alpinelinux.org/vuln/CVE-2020-25722

https://security.alpinelinux.org/vuln/CVE-2021-23192

https://security.alpinelinux.org/vuln/CVE-2021-3738

Plugin Details

Severity: High

ID: 424461

Version: Revision 1.7

Type: Local

Published: 4/4/2025

Updated: 5/31/2025

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.9

Percentile: 97.35

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2020-25719

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2021-3738

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 11/9/2021

Reference Information

CVE: CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719, CVE-2020-25721, CVE-2020-25722, CVE-2021-23192, CVE-2021-3738

IAVA: 2021-A-0554