#VU33830 Input validation error in Samba - CVE-2015-0240


| Updated: 2020-11-20

Vulnerability identifier: #VU33830

Vulnerability risk: High

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2015-0240

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Samba: 3.6.0 - 3.6.24, 4.0.0 - 4.0.24, 4.1.0 - 4.1.16, 4.2.0 - 4.2.14

External links
https://advisories.mageia.org/MGASA-2015-0084.html
https://lists.opensuse.org/opensuse-security-announce/2015-02/msg00028.html
https://lists.opensuse.org/opensuse-security-announce/2015-02/msg00030.html
https://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html
https://lists.opensuse.org/opensuse-security-announce/2015-02/msg00035.html
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
https://marc.info/?l=bugtraq&m=142722696102151&w=2
https://marc.info/?l=bugtraq&m=143039217203031&w=2
https://rhn.redhat.com/errata/RHSA-2015-0249.html
https://rhn.redhat.com/errata/RHSA-2015-0250.html
https://rhn.redhat.com/errata/RHSA-2015-0251.html
https://rhn.redhat.com/errata/RHSA-2015-0252.html
https://rhn.redhat.com/errata/RHSA-2015-0253.html
https://rhn.redhat.com/errata/RHSA-2015-0254.html
https://rhn.redhat.com/errata/RHSA-2015-0255.html
https://rhn.redhat.com/errata/RHSA-2015-0256.html
https://rhn.redhat.com/errata/RHSA-2015-0257.html
https://security.gentoo.org/glsa/glsa-201502-15.xml
https://www.debian.org/security/2015/dsa-3171
https://www.mandriva.com/security/advisories?name=MDVSA-2015:081
https://www.mandriva.com/security/advisories?name=MDVSA-2015:082
https://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
https://www.securityfocus.com/bid/72711
https://www.securitytracker.com/id/1031783
https://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.360345
https://www.ubuntu.com/usn/USN-2508-1
https://access.redhat.com/articles/1346913
https://bugzilla.redhat.com/show_bug.cgi?id=1191325
https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
https://support.lenovo.com/product_security/samba_remote_vuln
https://support.lenovo.com/us/en/product_security/samba_remote_vuln
https://www.exploit-db.com/exploits/36741/
https://www.samba.org/samba/security/CVE-2015-0240

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.


Latest bulletins with this vulnerability


Input validation error in HP Systems Insight Manager
Input validation error in HP Server Automation
Input validation error in HP-UX CIFS Server (Samba)
Slackware Linux update for samba
SUSE Linux update for Samba
SUSE Linux update for Samba
Input validation error in samba (Alpine package)
Input validation error in Samba
SUSE Linux update for samba
Fedora 21 update for samba