#VU33830 Input validation error in Samba - CVE-2015-0240
Published: February 24, 2015 / Updated: November 20, 2020
Vulnerability identifier: #VU33830
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2015-0240
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
Samba
Samba
Software vendor:
Samba
Samba
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.
Remediation
Install update from vendor's website.
External links
- http://advisories.mageia.org/MGASA-2015-0084.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00030.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
- http://marc.info/?l=bugtraq&m=142722696102151&w=2
- http://marc.info/?l=bugtraq&m=143039217203031&w=2
- http://rhn.redhat.com/errata/RHSA-2015-0249.html
- http://rhn.redhat.com/errata/RHSA-2015-0250.html
- http://rhn.redhat.com/errata/RHSA-2015-0251.html
- http://rhn.redhat.com/errata/RHSA-2015-0252.html
- http://rhn.redhat.com/errata/RHSA-2015-0253.html
- http://rhn.redhat.com/errata/RHSA-2015-0254.html
- http://rhn.redhat.com/errata/RHSA-2015-0255.html
- http://rhn.redhat.com/errata/RHSA-2015-0256.html
- http://rhn.redhat.com/errata/RHSA-2015-0257.html
- http://security.gentoo.org/glsa/glsa-201502-15.xml
- http://www.debian.org/security/2015/dsa-3171
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:081
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:082
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
- http://www.securityfocus.com/bid/72711
- http://www.securitytracker.com/id/1031783
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.360345
- http://www.ubuntu.com/usn/USN-2508-1
- https://access.redhat.com/articles/1346913
- https://bugzilla.redhat.com/show_bug.cgi?id=1191325
- https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
- https://support.lenovo.com/product_security/samba_remote_vuln
- https://support.lenovo.com/us/en/product_security/samba_remote_vuln
- https://www.exploit-db.com/exploits/36741/
- https://www.samba.org/samba/security/CVE-2015-0240