HP-UX: CVE-2015-0240: CIFS Server (Samba) Vulnerability on HPUX
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | February 23, 2015 | August 11, 2017 | September 12, 2017 |
Available Exploits 
Description
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.
Free Nexpose Download
Discover, prioritize, and remediate security risks today!
References
- BID-72711
- CVE-2015-0240
- DEBIAN-DSA-3171
- DISA_SEVERITY-Category I
- DISA_VMSKEY-V0058919
- IAVM-2015-A-0042
- REDHAT-RHSA-2015:0249
- REDHAT-RHSA-2015:0250
- REDHAT-RHSA-2015:0251
- REDHAT-RHSA-2015:0252
- REDHAT-RHSA-2015:0253
- REDHAT-RHSA-2015:0254
- REDHAT-RHSA-2015:0255
- REDHAT-RHSA-2015:0256
- REDHAT-RHSA-2015:0257
Solution
hpux-update-cifs-development-cifs-prgRelated Vulnerabilities
- ELSA-2015-0250 Critical: Oracle Linux samba4 security update
- ELSA-2015-0252 Important: Oracle Linux samba security update
- ELSA-2015-0251 Critical: Oracle Linux samba security update
- Oracle Solaris 11: CVE-2015-0240: Vulnerability in Samba
- Gentoo Linux: CVE-2015-0240: Samba: Multiple vulnerabilities
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
- USN-2508-1: Samba vulnerability
- FreeBSD: samba -- Unexpected code execution in smbd (CVE-2015-0240)
- RHSA-2015:0250: samba4 security update
- DSA-3171-1 samba -- security update
- RHSA-2015:0252: samba security update
- RHSA-2015:0253: samba3x security update
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 4
- RHSA-2015:0255: samba4 security update
- RHSA-2015:0254: samba security update
- SUSE: CVE-2015-0240: SUSE Linux Security Advisory
- RHSA-2015:0249: samba3x security update
- Cent OS: CVE-2015-0240: CESA-2015:0252 (samba)
- Samba CVE-2015-0240: Unexpected code execution in smbd.
- RHSA-2015:0251: samba security update
- ELSA-2015-0249 Critical: Oracle Linux samba3x security update