CVE-2015-0240

high

Description

The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.

References

http://advisories.mageia.org/MGASA-2015-0084.html

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00028.html

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00030.html

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00035.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html

http://marc.info/?l=bugtraq&m=142722696102151&w=2

http://marc.info/?l=bugtraq&m=143039217203031&w=2

http://rhn.redhat.com/errata/RHSA-2015-0249.html

http://rhn.redhat.com/errata/RHSA-2015-0250.html

http://rhn.redhat.com/errata/RHSA-2015-0251.html

http://rhn.redhat.com/errata/RHSA-2015-0252.html

http://rhn.redhat.com/errata/RHSA-2015-0253.html

http://rhn.redhat.com/errata/RHSA-2015-0254.html

http://rhn.redhat.com/errata/RHSA-2015-0255.html

http://rhn.redhat.com/errata/RHSA-2015-0256.html

http://rhn.redhat.com/errata/RHSA-2015-0257.html

http://security.gentoo.org/glsa/glsa-201502-15.xml

http://www.debian.org/security/2015/dsa-3171

http://www.mandriva.com/security/advisories?name=MDVSA-2015:081

http://www.mandriva.com/security/advisories?name=MDVSA-2015:082

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

http://www.securityfocus.com/bid/72711

http://www.securitytracker.com/id/1031783

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.360345

http://www.ubuntu.com/usn/USN-2508-1

https://access.redhat.com/articles/1346913

https://bugzilla.redhat.com/show_bug.cgi?id=1191325

https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/

https://support.lenovo.com/product_security/samba_remote_vuln

https://support.lenovo.com/us/en/product_security/samba_remote_vuln

https://www.exploit-db.com/exploits/36741/

https://www.samba.org/samba/security/CVE-2015-0240

Details

Source: MITRE

Published: 2015-02-24

Updated: 2019-04-22

Type: CWE-17

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:samba:samba:3.5.0:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.5.1:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.5.2:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.5.3:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.5.4:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.5.5:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.5.6:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.5.7:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.5.8:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.5.9:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.5.10:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.5.11:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.5.12:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.5.13:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.5.14:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.5.15:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.5.16:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.5.17:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.5.18:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.5.19:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.5.20:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.5.21:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.5.22:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.0:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.1:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.2:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.10:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.11:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.12:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.13:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.14:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.15:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.16:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.17:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.18:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.19:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.20:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.21:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.22:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.23:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.24:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.6:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.7:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.8:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.9:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.10:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.11:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.12:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.13:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.14:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.15:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.16:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.17:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.18:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.19:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.20:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.21:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.22:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.23:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.24:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.0:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.1:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.2:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.3:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.4:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.5:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.6:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.7:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.8:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.9:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.10:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.11:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.12:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.13:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.14:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.15:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.16:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.2.0:rc1:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.2.0:rc2:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.2.0:rc3:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.2.0:rc4:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:novell:suse_linux_enterprise_desktop:12:*:*:*:*:*:*:*

cpe:2.3:o:novell:suse_linux_enterprise_server:12:*:*:*:*:*:*:*

cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 146265 | RHEL 6 : Storage Server (RHSA-2015:0257) | Nessus | Red Hat Local Security Checks | critical |
| 90609 | openSUSE Security Update : samba (openSUSE-2016-490) (Badlock) | Nessus | SuSE Local Security Checks | high |
| 90558 | openSUSE Security Update : samba (openSUSE-2016-462) (Badlock) | Nessus | SuSE Local Security Checks | high |
| 83687 | SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2015:0353-1) | Nessus | SuSE Local Security Checks | critical |
| 8753 | Samba 3.5.x / 3.6.x < 3.6.25 / 4.0.x < 4.0.25 / 4.1.x < 4.1.17 / 4.2.x < 4.2rc5 TALLOC_FREE() RCE | Nessus Network Monitor | Samba | critical |
| 82336 | Mandriva Linux Security Advisory : samba4 (MDVSA-2015:083) | Nessus | Mandriva Local Security Checks | critical |
| 82335 | Mandriva Linux Security Advisory : samba (MDVSA-2015:082) | Nessus | Mandriva Local Security Checks | critical |
| 82334 | Mandriva Linux Security Advisory : samba (MDVSA-2015:081) | Nessus | Mandriva Local Security Checks | critical |
| 82139 | Debian DLA-156-1 : samba security update | Nessus | Debian Local Security Checks | critical |
| 81653 | Slackware 14.1 / current : samba (SSA:2015-064-01) | Nessus | Slackware Local Security Checks | critical |
| 81561 | openSUSE Security Update : samba (openSUSE-2015-179) | Nessus | SuSE Local Security Checks | critical |
| 81536 | GLSA-201502-15 : Samba: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 81508 | SuSE 11.3 Security Update : Samba (SAT Patch Number 10321) | Nessus | SuSE Local Security Checks | critical |
| 81485 | Samba 3.5.x < 3.5.22 / 3.6.x < 3.6.25 / 4.0.x < 4.0.25 / 4.1.x < 4.1.17 TALLOC_FREE() RCE | Nessus | Misc. | critical |
| 81483 | Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : samba vulnerability (USN-2508-1) | Nessus | Ubuntu Local Security Checks | critical |
| 81479 | Scientific Linux Security Update : samba on SL7.x x86_64 (20150223) | Nessus | Scientific Linux Local Security Checks | critical |
| 81478 | Scientific Linux Security Update : samba on SL6.x, SL7.x i386/x86_64 (20150223) | Nessus | Scientific Linux Local Security Checks | critical |
| 81477 | Scientific Linux Security Update : samba on SL5.x i386 (20150223) | Nessus | Scientific Linux Local Security Checks | critical |
| 81476 | Scientific Linux Security Update : samba4 on SL6.x i386/x86_64 (20150223) | Nessus | Scientific Linux Local Security Checks | critical |
| 81475 | RHEL 6 : Storage Server (RHSA-2015:0256) | Nessus | Red Hat Local Security Checks | critical |
| 81474 | RHEL 6 : samba4 (RHSA-2015:0255) | Nessus | Red Hat Local Security Checks | critical |
| 81473 | RHEL 6 : samba (RHSA-2015:0254) | Nessus | Red Hat Local Security Checks | critical |
| 81472 | RHEL 5 : samba3x (RHSA-2015:0253) | Nessus | Red Hat Local Security Checks | critical |
| 81471 | RHEL 7 : samba (RHSA-2015:0252) | Nessus | Red Hat Local Security Checks | critical |
| 81470 | RHEL 6 : samba (RHSA-2015:0251) | Nessus | Red Hat Local Security Checks | critical |
| 81469 | RHEL 6 : samba4 (RHSA-2015:0250) | Nessus | Red Hat Local Security Checks | critical |
| 81468 | RHEL 5 : samba3x (RHSA-2015:0249) | Nessus | Red Hat Local Security Checks | critical |
| 81467 | Oracle Linux 7 : samba (ELSA-2015-0252) | Nessus | Oracle Linux Local Security Checks | critical |
| 81466 | Oracle Linux 6 : samba (ELSA-2015-0251) | Nessus | Oracle Linux Local Security Checks | critical |
| 81465 | Oracle Linux 6 : samba4 (ELSA-2015-0250) | Nessus | Oracle Linux Local Security Checks | critical |
| 81464 | Oracle Linux 5 : samba3x (ELSA-2015-0249) | Nessus | Oracle Linux Local Security Checks | critical |
| 81463 | FreeBSD : samba -- Unexpected code execution in smbd (996c219c-bbb1-11e4-88ae-d050992ecde8) | Nessus | FreeBSD Local Security Checks | critical |
| 81450 | Debian DSA-3171-1 : samba - security update | Nessus | Debian Local Security Checks | critical |
| 81443 | CentOS 7 : samba (CESA-2015:0252) | Nessus | CentOS Local Security Checks | critical |
| 81442 | CentOS 6 : samba (CESA-2015:0251) | Nessus | CentOS Local Security Checks | critical |
| 81441 | CentOS 6 : samba4 (CESA-2015:0250) | Nessus | CentOS Local Security Checks | critical |
| 81440 | CentOS 5 : samba3x (CESA-2015:0249) | Nessus | CentOS Local Security Checks | critical |