CVE-2015-0240
24.02.2015, 01:59
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 7.0 |
| samba | samba | 3.5.0 |
| samba | samba | 3.5.1 |
| samba | samba | 3.5.2 |
| samba | samba | 3.5.3 |
| samba | samba | 3.5.4 |
| samba | samba | 3.5.5 |
| samba | samba | 3.5.6 |
| samba | samba | 3.5.7 |
| samba | samba | 3.5.8 |
| samba | samba | 3.5.9 |
| samba | samba | 3.5.10 |
| samba | samba | 3.5.11 |
| samba | samba | 3.5.12 |
| samba | samba | 3.5.13 |
| samba | samba | 3.5.14 |
| samba | samba | 3.5.15 |
| samba | samba | 3.5.16 |
| samba | samba | 3.5.17 |
| samba | samba | 3.5.18 |
| samba | samba | 3.5.19 |
| samba | samba | 3.5.20 |
| samba | samba | 3.5.21 |
| samba | samba | 3.5.22 |
| samba | samba | 3.6.0 |
| samba | samba | 3.6.1 |
| samba | samba | 3.6.2 |
| samba | samba | 3.6.10 |
| samba | samba | 3.6.11 |
| samba | samba | 3.6.12 |
| samba | samba | 3.6.13 |
| samba | samba | 3.6.14 |
| samba | samba | 3.6.15 |
| samba | samba | 3.6.16 |
| samba | samba | 3.6.17 |
| samba | samba | 3.6.18 |
| samba | samba | 3.6.19 |
| samba | samba | 3.6.20 |
| samba | samba | 3.6.21 |
| samba | samba | 3.6.22 |
| samba | samba | 3.6.23 |
| samba | samba | 3.6.24 |
| samba | samba | 4.0.0 |
| samba | samba | 4.0.1 |
| samba | samba | 4.0.2 |
| samba | samba | 4.0.3 |
| samba | samba | 4.0.4 |
| samba | samba | 4.0.5 |
| samba | samba | 4.0.6 |
| samba | samba | 4.0.7 |
| samba | samba | 4.0.8 |
| samba | samba | 4.0.9 |
| samba | samba | 4.0.10 |
| samba | samba | 4.0.11 |
| samba | samba | 4.0.12 |
| samba | samba | 4.0.13 |
| samba | samba | 4.0.14 |
| samba | samba | 4.0.15 |
| samba | samba | 4.0.16 |
| samba | samba | 4.0.17 |
| samba | samba | 4.0.18 |
| samba | samba | 4.0.19 |
| samba | samba | 4.0.20 |
| samba | samba | 4.0.21 |
| samba | samba | 4.0.22 |
| samba | samba | 4.0.23 |
| samba | samba | 4.0.24 |
| samba | samba | 4.1.0 |
| samba | samba | 4.1.1 |
| samba | samba | 4.1.2 |
| samba | samba | 4.1.3 |
| samba | samba | 4.1.4 |
| samba | samba | 4.1.5 |
| samba | samba | 4.1.6 |
| samba | samba | 4.1.7 |
| samba | samba | 4.1.8 |
| samba | samba | 4.1.9 |
| samba | samba | 4.1.10 |
| samba | samba | 4.1.11 |
| samba | samba | 4.1.12 |
| samba | samba | 4.1.13 |
| samba | samba | 4.1.14 |
| samba | samba | 4.1.15 |
| samba | samba | 4.1.16 |
| samba | samba | 4.2.0:rc1 |
| samba | samba | 4.2.0:rc2 |
| samba | samba | 4.2.0:rc3 |
| samba | samba | 4.2.0:rc4 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 14.10 |
Debian Releases
Ubuntu Releases
| Ubuntu Product |
|---|
| samba |
| samba4 |
openSUSE / SLES Releases
| openSUSE Product |
|---|
| libdcerpc-binding0 |
| libdcerpc-binding0-32bit |
| libdcerpc0 |
| libdcerpc0-32bit |
| libgensec0 |
| libgensec0-32bit |
| libndr-krb5pac0 |
| libndr-krb5pac0-32bit |
| libndr-nbt0 |
| libndr-nbt0-32bit |
| libndr-standard0 |
| libndr-standard0-32bit |
| libndr0 |
| libndr0-32bit |
| libnetapi0 |
| libnetapi0-32bit |
| libpdb0 |
| libpdb0-32bit |
| libregistry0 |
| libsamba-credentials0 |
| libsamba-credentials0-32bit |
| libsamba-hostconfig0 |
| libsamba-hostconfig0-32bit |
| libsamba-util0 |
| libsamba-util0-32bit |
| libsamdb0 |
| libsamdb0-32bit |
| libsmbclient-raw0 |
| libsmbclient-raw0-32bit |
| libsmbclient0 |
| libsmbclient0-32bit |
| libsmbconf0 |
| libsmbconf0-32bit |
| libsmbldap0 |
| libsmbldap0-32bit |
| libtevent-util0 |
| libtevent-util0-32bit |
| libwbclient0 |
| libwbclient0-32bit |
| samba |
| samba-32bit |
| samba-client |
| samba-client-32bit |
| samba-doc |
| samba-libs |
| samba-libs-32bit |
| samba-winbind |
| samba-winbind-32bit |
Red Hat Enterprise Linux Releases
| Red Hat Product |
|---|
| libsmbclient |
| libsmbclient-devel |
| libwbclient |
| libwbclient-devel |
| samba |
| samba-client |
| samba-common |
| samba-dc |
| samba-dc-libs |
| samba-devel |
| samba-doc |
| samba-domainjoin-gui |
| samba-glusterfs |
| samba-libs |
| samba-pidl |
| samba-python |
| samba-swat |
| samba-test |
| samba-test-devel |
| samba-vfs-glusterfs |
| samba-winbind |
| samba-winbind-clients |
| samba-winbind-devel |
| samba-winbind-krb5-locator |
| samba-winbind-modules |
| samba4 |
| samba4-client |
| samba4-common |
| samba4-dc |
| samba4-dc-libs |
| samba4-devel |
| samba4-libs |
| samba4-pidl |
| samba4-python |
| samba4-swat |
| samba4-test |
| samba4-winbind |
| samba4-winbind-clients |
| samba4-winbind-krb5-locator |
Common Weakness Enumeration