Vulnerability CVE-2015-0240


Published: 2015-02-23   Modified: 2015-02-24

Description:
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.

See advisories in our WLB2 database:
Topic
Author
Date
High
Samba < 3.6.2 x86 Buffer Overflow PoC
sleepya
14.04.2015

Type:

CWE-17

(Code)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Samba -> Samba 
Redhat -> Enterprise linux 
Novell -> Suse linux enterprise desktop 
Novell -> Suse linux enterprise server 
Novell -> Suse linux enterprise software development kit 
Canonical -> Ubuntu linux 

 References:
http://advisories.mageia.org/MGASA-2015-0084.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00030.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00035.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
http://marc.info/?l=bugtraq&m=142722696102151&w=2
http://marc.info/?l=bugtraq&m=143039217203031&w=2
http://rhn.redhat.com/errata/RHSA-2015-0249.html
http://rhn.redhat.com/errata/RHSA-2015-0250.html
http://rhn.redhat.com/errata/RHSA-2015-0251.html
http://rhn.redhat.com/errata/RHSA-2015-0252.html
http://rhn.redhat.com/errata/RHSA-2015-0253.html
http://rhn.redhat.com/errata/RHSA-2015-0254.html
http://rhn.redhat.com/errata/RHSA-2015-0255.html
http://rhn.redhat.com/errata/RHSA-2015-0256.html
http://rhn.redhat.com/errata/RHSA-2015-0257.html
http://security.gentoo.org/glsa/glsa-201502-15.xml
http://www.debian.org/security/2015/dsa-3171
http://www.mandriva.com/security/advisories?name=MDVSA-2015:081
http://www.mandriva.com/security/advisories?name=MDVSA-2015:082
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.securityfocus.com/bid/72711
http://www.securitytracker.com/id/1031783
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.360345
http://www.ubuntu.com/usn/USN-2508-1
https://access.redhat.com/articles/1346913
https://bugzilla.redhat.com/show_bug.cgi?id=1191325
https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
https://support.lenovo.com/product_security/samba_remote_vuln
https://support.lenovo.com/us/en/product_security/samba_remote_vuln
https://www.exploit-db.com/exploits/36741/
https://www.samba.org/samba/security/CVE-2015-0240

Copyright 2020, cxsecurity.com

 

Back to Top