Samba 4.21.x < 4.21.6 / 4.22.x < 4.22.2 Security Bypass Vulnerability

high Nessus Plugin ID 237907

Synopsis

The remote host is missing a security update.

Description

The version of Samba installed on the remote host is 4.21.x prior to 4.21.6, or 4.22.x prior to 4.22.2. It is, therefore, affected by a security bypass vulnerability. A flaw exists in smbd when Kerberos authentication is used with SMB: cached user group permissions are used when re-authenticating. An authenticated, remote attacker can exploit this to continue accessing resources as a member of a user group after being removed from it.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Samba version 4.21.6, 4.22.2, or later.

See Also

https://www.samba.org/samba/security/CVE-2025-0620.html

https://bugzilla.samba.org/show_bug.cgi?id=15707

https://www.samba.org/samba/history/samba-4.21.6.html

https://www.samba.org/samba/history/samba-4.22.2.html

https://www.openwall.com/lists/oss-security/2025/06/03/8

Plugin Details

Severity: High

ID: 237907

File Name: samba_4_21_6.nasl

Version: 1.1

Type: remote

Family: Misc.

Published: 6/6/2025

Updated: 6/6/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v3

Risk Factor: Medium

Base Score: 5.7

Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N

CVSS v4

Risk Factor: High

Base Score: 7

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Vulnerability Information

CPE: cpe:/a:samba:samba

Required KB Items: SMB/samba, SMB/NativeLanManager

Patch Publication Date: 6/3/2025

Vulnerability Publication Date: 6/3/2025

Reference Information

CVE: CVE-2025-0620

IAVA: 2025-A-0397