[manjaro-security] [ASA-202506-3] samba: access restriction bypass
Andrea Denisse
denisse at archlinux.org
Fri Jun 13 22:32:20 CEST 2025
Arch Linux Security Advisory ASA-202506-3
=========================================
Severity: Low
Date : 2025-06-06
CVE-ID : CVE-2025-0620
Package : samba
Type : access restriction bypass
Remote : Yes
Link : https://security.archlinux.org/AVG-2892
Summary
=======
The package samba before version 4.22.2-1 is vulnerable to access
restriction bypass.
Resolution
==========
Upgrade to 4.22.2-1.
# pacman -Syu "samba>=4.22.2-1"
The problem has been fixed upstream in version 4.22.2.
Workaround
==========
None.
Description
===========
When using Kerberos authentication with SMB, smbd doesn't pick up group
membership changes when re-authenticating an expired SMB session.
Impact
======
A remote authenticated attacker may retain unintended access to file
shares in Samba.
References
==========
https://www.samba.org/samba/security/CVE-2025-0620.html
https://bugzilla.samba.org/show_bug.cgi?id=15707
https://nvd.nist.gov/vuln/detail/CVE-2025-0620
https://security.archlinux.org/CVE-2025-0620
More information about the manjaro-security
mailing list