Linux Distros Unpatched Vulnerability : CVE-2020-17049

🗓️ 04 Mar 2025 00:00:00Reported by TenableType

Unpatched vulnerability in Linux distros regarding Key Distribution Center service ticket validation flaw.

Reporter	Title	Published	Views	Family All 140
ALT Linux	Security fix for the ALT Linux 10 package samba version 4.14.9-alt1	1 Nov 202100:00	–	altlinux
IBM Security Bulletins	Security Bulletin: A buffer overread, security restrictions bypass, a use-after-free, and other vulnerabilities might affect IBM Storage Defender – Resiliency Service	25 Mar 202523:50	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities were discovered in IBM Application Gateway	4 Jun 202523:00	–	ibm
ATTACKERKB	CVE-2020-17049	11 Nov 202000:00	–	attackerkb
Tenable Nessus	Amazon Linux 2022 : samba (ALAS2022-2022-213)	9 Dec 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : libnetapi, libnetapi-devel, libsmbclient (ALAS2023-2023-032)	21 Mar 202300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : samba (ALAS-2022-1642)	10 Dec 202200:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0022: idm:DL1 (ALINUX3-SA-2024:0022)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : krb5 (ALSA-2023:2570)	14 May 202300:00	–	nessus
Tenable Nessus	AlmaLinux 8 : idm:DL1 (ALSA-2024:0143)	12 Jan 202400:00	–	nessus

Source	Link
access	www.access.redhat.com/security/cve/cve-2020-17049
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(223385);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/10/29");

  script_cve_id("CVE-2020-17049");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2020-17049");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a
    service ticket can be used for delegation via Kerberos Constrained Delegation (KCD). To exploit the
    vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that
    is not valid for delegation to force the KDC to accept it. The update addresses this vulnerability by
    changing how the KDC validates service tickets used with KCD. (CVE-2020-17049)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-17049");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-17049");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/11/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/03/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-pkinit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-server-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-workstation");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libkadm5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-pkinit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-server-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-workstation");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libkadm5");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("set_linux_os_id.nasl", "ssh_get_info2.nasl");
  script_require_keys("Host/OS/identifier", "Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched");
  script_require_ports("Host/OS/CentOS Linux-7", "Host/OS/Red Hat Enterprise Linux-7");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/CentOS/rpm-list")) && empty_or_null(get_one_kb_item("Host/RedHat/rpm-list"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "CentOS Linux-7": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "7",
        "pkgs": [
          {"reference": "krb5"},
          {"reference": "krb5-devel"},
          {"reference": "krb5-libs"},
          {"reference": "krb5-pkinit"},
          {"reference": "krb5-server"},
          {"reference": "krb5-server-ldap"},
          {"reference": "krb5-workstation"},
          {"reference": "libkadm5"}
        ]
      }
    ]
  },
  "Red Hat Enterprise Linux-7": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "7",
        "pkgs": [
          {"reference": "krb5"},
          {"reference": "krb5-devel"},
          {"reference": "krb5-libs"},
          {"reference": "krb5-pkinit"},
          {"reference": "krb5-server"},
          {"reference": "krb5-server-ldap"},
          {"reference": "krb5-workstation"},
          {"reference": "libkadm5"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

29 Oct 2025 00:00Current

6.9Medium risk

Vulners AI Score6.9

CVSS 3.16.6 - 7.2

CVSS 29

EPSS0.248

SSVC