CVE-2015-0240 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2015-0240

CVE-2015-0240

February 24, 2015

The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.

Related Resources (39)

https://bugzilla.redhat.com/show_bug.cgi?id=1191325

http://security.gentoo.org/glsa/glsa-201502-15.xml

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.360345

http://rhn.redhat.com/errata/RHSA-2015-0249.html

http://www.securityfocus.com/bid/72711

https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/

http://rhn.redhat.com/errata/RHSA-2015-0254.html

http://marc.info/?l=bugtraq&m=142722696102151&w=2

http://rhn.redhat.com/errata/RHSA-2015-0250.html

http://rhn.redhat.com/errata/RHSA-2015-0253.html

http://rhn.redhat.com/errata/RHSA-2015-0251.html

https://www.samba.org/samba/security/CVE-2015-0240

http://www.mandriva.com/security/advisories?name=MDVSA-2015:082

http://www.mandriva.com/security/advisories?name=MDVSA-2015:081

https://people.canonical.com/~ubuntu-security/cve/CVE-2015-0240

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html

http://rhn.redhat.com/errata/RHSA-2015-0256.html

http://rhn.redhat.com/errata/RHSA-2015-0255.html

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00028.html

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00030.html

http://www.debian.org/security/2015/dsa-3171

http://advisories.mageia.org/MGASA-2015-0084.html

https://support.lenovo.com/us/en/product_security/samba_remote_vuln

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00035.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html

https://support.lenovo.com/product_security/samba_remote_vuln

https://security.netapp.com/advisory/ntap-20250509-0001/

https://access.redhat.com/security/cve/CVE-2015-0240

http://marc.info/?l=bugtraq&m=143039217203031&w=2

http://rhn.redhat.com/errata/RHSA-2015-0257.html

http://rhn.redhat.com/errata/RHSA-2015-0252.html

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

https://security-tracker.debian.org/tracker/CVE-2015-0240

https://access.redhat.com/articles/1346913

http://www.ubuntu.com/usn/USN-2508-1

https://www.exploit-db.com/exploits/36741/

http://www.securitytracker.com/id/1031783

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html

Do you need more information?

CVSS v4

Base Score:

8.9

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

Exploit Maturity

POC

CVSS v3

Base Score:

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Exploit Maturity

FUNCTIONAL

CVSS v2

Base Score:

10

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

EPSS

Base Score:

89.54