[ASA-202506-3] samba: access restriction bypass

推荐订阅源

Secure Thoughts

Securelist

Proofpoint News Feed

DataBreaches.Net

Cisco Talos Blog

CXSECURITY Database RSS Feed - CXSecurity.com

Project Zero

About on SuperTechFans

月光博客

Cyber Attacks, Cyber Crime and Cyber Security

GbyAI

cs.AI updates on arXiv.org

Attack and Defense Labs

Visual Studio Blog

Blog — PlanetScale

CTFtime.org: upcoming CTF events

Privacy International News Feed

博

博客园 - 司徒正美

freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More

www.infosecurity-magazine.com

Stack Overflow Blog

MIT News - Artificial intelligence

Help Net Security

Tor Project blog

Vulnerabilities – Threatpost

Cisco Blogs

Intezer

Threat Intelligence Blog | Flashpoint

雷峰网

Apple Machine Learning Research

Threat Research - Cisco Blogs

Blog RSS Feed

博

博客园 - 叶小钗

News and Events Feed by Topic

钛媒体：引领未来商业与生活新知

Simon Willison's Weblog

CERT Recently Published Vulnerability Notes

让小产品的独立变现更简单 - ezindie.com

News and Events Feed by Topic

Arch Linux Security Advisories

[ASA-202506-6] python-django: content spoofing - Arch Linux [ASA-202506-5] konsole: arbitrary code execution [ASA-202506-4] go: multiple issues - Arch Linux [ASA-202506-2] curl: denial of service [ASA-202506-1] roundcubemail: arbitrary code execution [ASA-202505-15] ghostscript: information disclosure - Arch Linux [ASA-202505-14] bind: denial of service [ASA-202505-13] varnish: content spoofing - Arch Linux [ASA-202505-12] go: directory traversal - Arch Linux [ASA-202505-11] freetype2: arbitrary code execution [ASA-202505-10] python-django: denial of service [ASA-202505-9] dropbear: arbitrary command execution [ASA-202505-8] nodejs-lts-iron: multiple issues - Arch Linux [ASA-202505-7] nodejs-lts-jod: denial of service

[ASA-202506-3] samba: access restriction bypass

Arch Linux S · 2025-06-07 · via Arch Linux Security Advisories

ASA-202506-3 log generated external raw

[ASA-202506-3] samba: access restriction bypass
Arch Linux Security Advisory ASA-202506-3 ========================================= Severity: Low Date : 2025-06-06 CVE-ID : CVE-2025-0620 Package : samba Type : access restriction bypass Remote : Yes Link : https://security.archlinux.org/AVG-2892 Summary ======= The package samba before version 4.22.2-1 is vulnerable to access restriction bypass. Resolution ========== Upgrade to 4.22.2-1. # pacman -Syu "samba>=4.22.2-1" The problem has been fixed upstream in version 4.22.2. Workaround ========== None. Description =========== When using Kerberos authentication with SMB, smbd doesn't pick up group membership changes when re-authenticating an expired SMB session. Impact ====== A remote authenticated attacker may retain unintended access to file shares in Samba. References ========== https://www.samba.org/samba/security/CVE-2025-0620.html https://bugzilla.samba.org/show_bug.cgi?id=15707 https://nvd.nist.gov/vuln/detail/CVE-2025-0620 https://security.archlinux.org/CVE-2025-0620

[ASA-202506-3] samba: access restriction bypass

Arch Linux Security Advisory ASA-202506-3 ========================================= Severity: Low Date : 2025-06-06 CVE-ID : CVE-2025-0620 Package : samba Type : access restriction bypass Remote : Yes Link : https://security.archlinux.org/AVG-2892 Summary ======= The package samba before version 4.22.2-1 is vulnerable to access restriction bypass. Resolution ========== Upgrade to 4.22.2-1. # pacman -Syu "samba>=4.22.2-1" The problem has been fixed upstream in version 4.22.2. Workaround ========== None. Description =========== When using Kerberos authentication with SMB, smbd doesn't pick up group membership changes when re-authenticating an expired SMB session. Impact ====== A remote authenticated attacker may retain unintended access to file shares in Samba. References ========== https://www.samba.org/samba/security/CVE-2025-0620.html https://bugzilla.samba.org/show_bug.cgi?id=15707 https://nvd.nist.gov/vuln/detail/CVE-2025-0620 https://security.archlinux.org/CVE-2025-0620

此内容由惯性聚合(RSS阅读器)自动聚合整理，仅供阅读参考。原文来自 — 版权归原作者所有。