CVE-2015-0240

NameCVE-2015-0240
DescriptionThe Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-156-1, DSA-3171-1
NVD severityhigh (attack range: remote)
Debian Bugs779033

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
samba (PTS)wheezy2:3.6.6-6+deb7u7fixed
wheezy (security)2:3.6.6-6+deb7u15fixed
jessie (security), jessie2:4.2.14+dfsg-0+deb8u9fixed
stretch (security), stretch2:4.5.12+dfsg-2+deb9u1fixed
buster, sid2:4.7.3+dfsg-1fixed
samba4 (PTS)wheezy4.0.0~beta2+dfsg1-3.2+deb7u2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sambasource(unstable)2:4.1.17+dfsg-1high779033
sambasourcesqueeze2:3.5.6~dfsg-3squeeze12highDLA-156-1
sambasourcewheezy2:3.6.6-6+deb7u5highDSA-3171-1
samba4source(unstable)4.0.0~beta2+dfsg1-3.2+deb7u2high

Notes

Server components removed from src:samba4 in 4.0.0~beta2+dfsg1-3.2+deb7u2
https://www.samba.org/samba/security/CVE-2015-0240

Search for package or bug name: Reporting problems