
Samba 3.5.x / 3.6.x < 3.6.25 / 4.0.x < 4.0.25 / 4.1.x < 4.1.17 / 4.2.x < 4.2rc5 TALLOC_FREE() RCE

Critical

Synopsis

The remote version of Samba is outdated and affected by a remote code execution vulnerability.

Description

The version of Samba running on the remote host is 3.5.x prior to 3.5.22, 3.6.x prior to 3.6.25, 4.0.x prior to 4.0.25, 4.1.x prior to 4.1.17, or 4.2.x prior to 4.2rc5 and is affected by a remote code execution vulnerability in the TALLOC_FREE() function of 'rpc_server/netlogon/srv_netlog_nt.c'. A remote attacker, using a specially crafted sequence of packets followed by a subsequent anonymous netlogon packet, can execute arbitrary code as the root user.

Solution

Upgrade to 3.6.25 / 4.0.25 / 4.1.17 / 4.2rc5 or later.
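
To check an inventory against the ranges above, the following added example (not part of the original advisory or of any scanner plugin) parses a Samba version string and reports whether it falls in a listed branch. The function names and the sample strings are assumptions made for illustration. Because the title and Solution name no fixed 3.5 release, the example treats every 3.5.x build as affected.

```python
import re

# Fixed patch level per branch, taken from the advisory's Solution line.
FIXED_PATCH = {(3, 6): 25, (4, 0): 25, (4, 1): 17}
FIXED_42_RC = 5  # the 4.2 branch is fixed from 4.2rc5 onwards

# Accepts "4.1.6-Ubuntu", "Version 3.6.24", "4.2.0rc4" and "4.2rc4".
_VERSION = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:[-_.]?rc(\d+))?", re.I)


def parse_samba_version(text):
    """Return (major, minor, patch, rc) or None if no version is found."""
    m = _VERSION.search(text)
    if m is None:
        return None
    patch = int(m[3]) if m[3] else 0
    rc = int(m[4]) if m[4] else None  # None means a final release
    return int(m[1]), int(m[2]), patch, rc


def listed_as_affected(text):
    """True/False per the advisory's ranges, None if unparseable."""
    parsed = parse_samba_version(text)
    if parsed is None:
        return None
    major, minor, patch, rc = parsed
    branch = (major, minor)
    if branch == (3, 5):
        # Conservative assumption: no fixed 3.5 release in title/Solution.
        return True
    if branch in FIXED_PATCH:
        return patch < FIXED_PATCH[branch]
    if branch == (4, 2):
        # Only release candidates of 4.2.0 before rc5 are listed.
        return patch == 0 and rc is not None and rc < FIXED_42_RC
    return False  # branch is not named by this advisory


if __name__ == "__main__":
    # Constructed sample strings, e.g. as printed by `smbd --version`.
    for sample in ("Version 3.6.24", "Version 4.1.17", "4.2.0rc4",
                   "4.1.6-Ubuntu", "not a version"):
        print(f"{sample!r}: {listed_as_affected(sample)}")
```

A version-string check cannot see distribution backports: a vendor package may carry the fix while still reporting an older upstream version, so confirm a positive result against the vendor's package changelog.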