#VU33830 Input validation error in Samba


Published: 2020-08-04

Vulnerability identifier: #VU33830

Vulnerability risk: High

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2015-0240

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Samba: 3.6.0 - 3.6.24, 4.0.0 - 4.0.24, 4.1.0 - 4.1.16, 4.2.0 - 4.2.14

External links
http://advisories.mageia.org/MGASA-2015-0084.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00030.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00035.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
http://marc.info/?l=bugtraq&m=142722696102151&w=2
http://marc.info/?l=bugtraq&m=143039217203031&w=2
http://rhn.redhat.com/errata/RHSA-2015-0249.html
http://rhn.redhat.com/errata/RHSA-2015-0250.html
http://rhn.redhat.com/errata/RHSA-2015-0251.html
http://rhn.redhat.com/errata/RHSA-2015-0252.html
http://rhn.redhat.com/errata/RHSA-2015-0253.html
http://rhn.redhat.com/errata/RHSA-2015-0254.html
http://rhn.redhat.com/errata/RHSA-2015-0255.html
http://rhn.redhat.com/errata/RHSA-2015-0256.html
http://rhn.redhat.com/errata/RHSA-2015-0257.html
http://security.gentoo.org/glsa/glsa-201502-15.xml
http://www.debian.org/security/2015/dsa-3171
http://www.mandriva.com/security/advisories?name=MDVSA-2015:081
http://www.mandriva.com/security/advisories?name=MDVSA-2015:082
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.securityfocus.com/bid/72711
http://www.securitytracker.com/id/1031783
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.360345
http://www.ubuntu.com/usn/USN-2508-1
http://access.redhat.com/articles/1346913
http://bugzilla.redhat.com/show_bug.cgi?id=1191325
http://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
http://support.lenovo.com/product_security/samba_remote_vuln
http://support.lenovo.com/us/en/product_security/samba_remote_vuln
http://www.exploit-db.com/exploits/36741/
http://www.samba.org/samba/security/CVE-2015-0240

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.


Latest bulletins with this vulnerability


Input validation error in HP Systems Insight Manager
Input validation error in HP Server Automation
Input validation error in HP-UX CIFS Server (Samba)
Slackware Linux update for samba
SUSE Linux update for Samba
SUSE Linux update for Samba
Input validation error in samba (Alpine package)
Input validation error in Samba
SUSE Linux update for samba