Nixpkgs security tracker

Untriaged

Permalink CVE-2025-0620

6.6 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 10 months, 1 week ago

Samba: smbd doesn't pick up group membership changes when re-authenticating an expired smb session

A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.

References

https://access.redhat.com/security/cve/CVE-2025-0620 vdb-entryx_refsource_REDHAT
RHBZ#2370453 issue-trackingx_refsource_REDHAT
https://www.samba.org/samba/security/CVE-2025-0620.html
http://www.openwall.com/lists/oss-security/2025/06/03/8

Affected products

rhcos

samba

<4.21.6

samba4

Matching in nixpkgs

pkgs.samba

Standard Windows interoperability suite of programs for Linux and Unix

nixos-unstable 4.20.4
- nixpkgs-unstable 4.20.4

pkgs.samba4

Standard Windows interoperability suite of programs for Linux and Unix

nixos-unstable 4.20.4
- nixpkgs-unstable 4.20.4
- nixos-unstable-small 4.20.4

pkgs.sambamba

SAM/BAM processing tool

nixos-unstable 1.0.1
- nixpkgs-unstable 1.0.1
- nixos-unstable-small 1.0.1

pkgs.sambaFull

Standard Windows interoperability suite of programs for Linux and Unix

nixos-unstable 4.20.4
- nixpkgs-unstable 4.20.4
- nixos-unstable-small 4.20.4

pkgs.samba4Full

Standard Windows interoperability suite of programs for Linux and Unix

nixos-unstable 4.20.4
- nixpkgs-unstable 4.20.4
- nixos-unstable-small 4.20.4

Package maintainers

@aneeshusa Aneesh Agrawal <aneeshusa@gmail.com>
@jbedo Justin Bedő <cu@cua0.org>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.samba

pkgs.samba4

pkgs.sambamba

pkgs.sambaFull

pkgs.samba4Full

Package maintainers