CVE-2015-0240

NameCVE-2015-0240
DescriptionThe Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
ReferencesDLA-156-1, DSA-3171-1
Debian Bugs779033

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
samba (PTS)buster, buster (security)2:4.9.5+dfsg-5+deb10u3fixed
bullseye (security), bullseye2:4.13.13+dfsg-1~deb11u5fixed
bookworm2:4.17.5+dfsg-2fixed
sid2:4.17.6+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sambasourcesqueeze2:3.5.6~dfsg-3squeeze12DLA-156-1
sambasourcewheezy2:3.6.6-6+deb7u5DSA-3171-1
sambasource(unstable)2:4.1.17+dfsg-1779033
samba4source(unstable)4.0.0~beta2+dfsg1-3.2+deb7u2

Notes

Server components removed from src:samba4 in 4.0.0~beta2+dfsg1-3.2+deb7u2
https://www.samba.org/samba/security/CVE-2015-0240
Search for package or bug name: Reporting problems