Available Exploits 

• Samba _netr_ServerPasswordSet Uninitialized Credential State

Description

The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.

References

• BID-72711
• CVE-2015-0240
• DEBIAN-DSA-3171
• DISA_SEVERITY-Category I
• DISA_VMSKEY-V0058919
• IAVM-2015-A-0042
• REDHAT-RHSA-2015:0249
• REDHAT-RHSA-2015:0250
• REDHAT-RHSA-2015:0251
• REDHAT-RHSA-2015:0252
• REDHAT-RHSA-2015:0253
• REDHAT-RHSA-2015:0254
• REDHAT-RHSA-2015:0255
• REDHAT-RHSA-2015:0256
• REDHAT-RHSA-2015:0257

Solution

Related Vulnerabilities

• ELSA-2015-0250 Critical: Oracle Linux samba4 security update
• ELSA-2015-0252 Important: Oracle Linux samba security update
• ELSA-2015-0251 Critical: Oracle Linux samba security update
• Oracle Solaris 11: CVE-2015-0240: Vulnerability in Samba
• Gentoo Linux: CVE-2015-0240: Samba: Multiple vulnerabilities
• Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
• USN-2508-1: Samba vulnerability
• FreeBSD: samba -- Unexpected code execution in smbd (CVE-2015-0240)
• RHSA-2015:0250: samba4 security update
• DSA-3171-1 samba -- security update
• RHSA-2015:0252: samba security update
• RHSA-2015:0253: samba3x security update
• Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 4
• RHSA-2015:0255: samba4 security update
• RHSA-2015:0254: samba security update
• SUSE: CVE-2015-0240: SUSE Linux Security Advisory
• RHSA-2015:0249: samba3x security update
• Cent OS: CVE-2015-0240: CESA-2015:0252 (samba)
• Samba CVE-2015-0240: Unexpected code execution in smbd.
• RHSA-2015:0251: samba security update
• ELSA-2015-0249 Critical: Oracle Linux samba3x security update