Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0240

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2015-0240
Last Modified 11 May 2015 10:02:17
Published 23 Feb 2015 08:59:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-0240

Summary

The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 12.04

  • Canonical Ubuntu Linux 14.04

  • Canonical Ubuntu Linux 14.10

  • Novell Suse Linux Enterprise Desktop 12

  • Novell Suse Linux Enterprise Server 12

  • Novell Suse Linux Enterprise Software Development Kit 12

  • Redhat Enterprise Linux 5

  • Redhat Enterprise Linux 6

  • Redhat Enterprise Linux 7.0

Application

  • Samba 3.5.0

  • Samba 3.5.1

  • Samba 3.5.10

  • Samba 3.5.11

  • Samba 3.5.12

  • Samba 3.5.13

  • Samba 3.5.14

  • Samba 3.5.15

  • Samba 3.5.16

  • Samba 3.5.17

  • Samba 3.5.18

  • Samba 3.5.19

  • Samba 3.5.2

  • Samba 3.5.20

  • Samba 3.5.21

  • Samba 3.5.22

  • Samba 3.5.3

  • Samba 3.5.4

  • Samba 3.5.5

  • Samba 3.5.6

  • Samba 3.5.7

  • Samba 3.5.8

  • Samba 3.5.9

  • Samba 3.6.0

  • Samba 3.6.1

  • Samba 3.6.10

  • Samba 3.6.11

  • Samba 3.6.12

  • Samba 3.6.13

  • Samba 3.6.14

  • Samba 3.6.15

  • Samba 3.6.16

  • Samba 3.6.17

  • Samba 3.6.18

  • Samba 3.6.19

  • Samba 3.6.2

  • Samba 3.6.20

  • Samba 3.6.21

  • Samba 3.6.22

  • Samba 3.6.23

  • Samba 3.6.24

  • Samba 4.0.0

  • Samba 4.0.1

  • Samba 4.0.10

  • Samba 4.0.11

  • Samba 4.0.12

  • Samba 4.0.13

  • Samba 4.0.14

  • Samba 4.0.15

  • Samba 4.0.16

  • Samba 4.0.17

  • Samba 4.0.18

  • Samba 4.0.19

  • Samba 4.0.2

  • Samba 4.0.20

  • Samba 4.0.21

  • Samba 4.0.22

  • Samba 4.0.23

  • Samba 4.0.24

  • Samba 4.0.3

  • Samba 4.0.4

  • Samba 4.0.5

  • Samba 4.0.6

  • Samba 4.0.7

  • Samba 4.0.8

  • Samba 4.0.9

  • Samba 4.1.0

  • Samba 4.1.1

  • Samba 4.1.10

  • Samba 4.1.11

  • Samba 4.1.12

  • Samba 4.1.13

  • Samba 4.1.14

  • Samba 4.1.15

  • Samba 4.1.16

  • Samba 4.1.2

  • Samba 4.1.3

  • Samba 4.1.4

  • Samba 4.1.5

  • Samba 4.1.6

  • Samba 4.1.7

  • Samba 4.1.8

  • Samba 4.1.9

  • Samba 4.2.0


References

CONFIRM - https://www.samba.org/samba/security/CVE-2015-0240

CONFIRM - https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1191325

CONFIRM - https://access.redhat.com/articles/1346913

UBUNTU - USN-2508-1

DEBIAN - DSA-3171

REDHAT - RHSA-2015:0257

REDHAT - RHSA-2015:0256

REDHAT - RHSA-2015:0255

REDHAT - RHSA-2015:0254

REDHAT - RHSA-2015:0253

REDHAT - RHSA-2015:0252

REDHAT - RHSA-2015:0251

REDHAT - RHSA-2015:0250

REDHAT - RHSA-2015:0249

SUSE - SUSE-SU-2015:0353

SECTRACK - 1031783

BID - 72711

GENTOO - GLSA-201502-15

SUSE - SUSE-SU-2015:0371

SUSE - SUSE-SU-2015:0386

SUSE - openSUSE-SU-2015:0375

SLACKWARE - SSA:2015-064-01

HP - SSRT101979

MANDRIVA - MDVSA-2015:082

MANDRIVA - MDVSA-2015:081

CONFIRM - http://advisories.mageia.org/MGASA-2015-0084.html

EXPLOIT-DB - 36741

HP - SSRT101952


Last Updated: 27 May 2016 11:07:57