ID CVE-2015-0240
Summary The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.
Vulnerable Configurations
  • Red Hat Enterprise Linux 5
    cpe:2.3:o:redhat:enterprise_linux:5
  • Red Hat Enterprise Linux 6
    cpe:2.3:o:redhat:enterprise_linux:6
  • Red Hat Enterprise Linux (RHEL) 7.0 (7)
    cpe:2.3:o:redhat:enterprise_linux:7.0
  • Samba 4.0.0
    cpe:2.3:a:samba:samba:4.0.0
  • Samba 4.0.1
    cpe:2.3:a:samba:samba:4.0.1
  • Samba 4.0.10
    cpe:2.3:a:samba:samba:4.0.10
  • Samba 4.0.11
    cpe:2.3:a:samba:samba:4.0.11
  • Samba 4.0.12
    cpe:2.3:a:samba:samba:4.0.12
  • Samba 4.0.13
    cpe:2.3:a:samba:samba:4.0.13
  • Samba 4.0.14
    cpe:2.3:a:samba:samba:4.0.14
  • Samba 4.0.15
    cpe:2.3:a:samba:samba:4.0.15
  • Samba 4.0.16
    cpe:2.3:a:samba:samba:4.0.16
  • Samba 4.0.17
    cpe:2.3:a:samba:samba:4.0.17
  • Samba 4.0.18
    cpe:2.3:a:samba:samba:4.0.18
  • Samba 4.0.19
    cpe:2.3:a:samba:samba:4.0.19
  • Samba 4.0.2
    cpe:2.3:a:samba:samba:4.0.2
  • Samba 4.0.20
    cpe:2.3:a:samba:samba:4.0.20
  • Samba 4.0.21
    cpe:2.3:a:samba:samba:4.0.21
  • Samba 4.0.22
    cpe:2.3:a:samba:samba:4.0.22
  • Samba 4.0.23
    cpe:2.3:a:samba:samba:4.0.23
  • Samba 4.0.24
    cpe:2.3:a:samba:samba:4.0.24
  • Samba 4.0.3
    cpe:2.3:a:samba:samba:4.0.3
  • Samba 4.0.4
    cpe:2.3:a:samba:samba:4.0.4
  • Samba 4.0.5
    cpe:2.3:a:samba:samba:4.0.5
  • Samba 4.0.6
    cpe:2.3:a:samba:samba:4.0.6
  • Samba 4.0.7
    cpe:2.3:a:samba:samba:4.0.7
  • Samba 4.0.8
    cpe:2.3:a:samba:samba:4.0.8
  • Samba 4.0.9
    cpe:2.3:a:samba:samba:4.0.9
  • Samba 4.1.0
    cpe:2.3:a:samba:samba:4.1.0
  • Samba 4.1.1
    cpe:2.3:a:samba:samba:4.1.1
  • Samba 4.1.10
    cpe:2.3:a:samba:samba:4.1.10
  • Samba 4.1.11
    cpe:2.3:a:samba:samba:4.1.11
  • Samba 4.1.12
    cpe:2.3:a:samba:samba:4.1.12
  • Samba 4.1.13
    cpe:2.3:a:samba:samba:4.1.13
  • Samba 4.1.14
    cpe:2.3:a:samba:samba:4.1.14
  • Samba 4.1.15
    cpe:2.3:a:samba:samba:4.1.15
  • Samba 4.1.16
    cpe:2.3:a:samba:samba:4.1.16
  • Samba 4.1.2
    cpe:2.3:a:samba:samba:4.1.2
  • Samba 4.1.3
    cpe:2.3:a:samba:samba:4.1.3
  • Samba 4.1.4
    cpe:2.3:a:samba:samba:4.1.4
  • Samba 4.1.5
    cpe:2.3:a:samba:samba:4.1.5
  • Samba 4.1.6
    cpe:2.3:a:samba:samba:4.1.6
  • Samba 4.1.7
    cpe:2.3:a:samba:samba:4.1.7
  • Samba 4.1.8
    cpe:2.3:a:samba:samba:4.1.8
  • Samba 4.1.9
    cpe:2.3:a:samba:samba:4.1.9
  • Samba 4.2.0 release candidate 1
    cpe:2.3:a:samba:samba:4.2.0:rc1
  • Samba 4.2.0 release candidate 2
    cpe:2.3:a:samba:samba:4.2.0:rc2
  • Samba 4.2.0 release candidate 3
    cpe:2.3:a:samba:samba:4.2.0:rc3
  • Samba 4.2.0 release candidate 4
    cpe:2.3:a:samba:samba:4.2.0:rc4
  • Samba 3.5.0
    cpe:2.3:a:samba:samba:3.5.0
  • Samba 3.5.1
    cpe:2.3:a:samba:samba:3.5.1
  • Samba 3.5.3
    cpe:2.3:a:samba:samba:3.5.3
  • Samba 3.5.4
    cpe:2.3:a:samba:samba:3.5.4
  • Samba 3.5.5
    cpe:2.3:a:samba:samba:3.5.5
  • Samba 3.5.6
    cpe:2.3:a:samba:samba:3.5.6
  • Samba 3.5.7
    cpe:2.3:a:samba:samba:3.5.7
  • Samba 3.5.8
    cpe:2.3:a:samba:samba:3.5.8
  • Samba 3.5.9
    cpe:2.3:a:samba:samba:3.5.9
  • Samba 3.6.0
    cpe:2.3:a:samba:samba:3.6.0
  • Samba 3.6.1
    cpe:2.3:a:samba:samba:3.6.1
  • Samba 3.6.10
    cpe:2.3:a:samba:samba:3.6.10
  • Samba 3.6.11
    cpe:2.3:a:samba:samba:3.6.11
  • Samba 3.6.12
    cpe:2.3:a:samba:samba:3.6.12
  • Samba 3.6.13
    cpe:2.3:a:samba:samba:3.6.13
  • Samba 3.6.14
    cpe:2.3:a:samba:samba:3.6.14
  • Samba 3.6.15
    cpe:2.3:a:samba:samba:3.6.15
  • Samba 3.6.16
    cpe:2.3:a:samba:samba:3.6.16
  • Samba 3.6.17
    cpe:2.3:a:samba:samba:3.6.17
  • Samba 3.6.18
    cpe:2.3:a:samba:samba:3.6.18
  • Samba 3.6.19
    cpe:2.3:a:samba:samba:3.6.19
  • Samba 3.6.2
    cpe:2.3:a:samba:samba:3.6.2
  • Samba 3.6.20
    cpe:2.3:a:samba:samba:3.6.20
  • Samba 3.6.21
    cpe:2.3:a:samba:samba:3.6.21
  • Samba 3.6.22
    cpe:2.3:a:samba:samba:3.6.22
  • Samba 3.6.23
    cpe:2.3:a:samba:samba:3.6.23
  • Samba 3.6.24
    cpe:2.3:a:samba:samba:3.6.24
  • Samba 3.5.10
    cpe:2.3:a:samba:samba:3.5.10
  • Samba 3.5.11
    cpe:2.3:a:samba:samba:3.5.11
  • Samba 3.5.12
    cpe:2.3:a:samba:samba:3.5.12
  • Samba 3.5.13
    cpe:2.3:a:samba:samba:3.5.13
  • Samba 3.5.14
    cpe:2.3:a:samba:samba:3.5.14
  • Samba 3.5.15
    cpe:2.3:a:samba:samba:3.5.15
  • Samba 3.5.16
    cpe:2.3:a:samba:samba:3.5.16
  • Samba 3.5.17
    cpe:2.3:a:samba:samba:3.5.17
  • Samba 3.5.18
    cpe:2.3:a:samba:samba:3.5.18
  • Samba 3.5.19
    cpe:2.3:a:samba:samba:3.5.19
  • Samba 3.5.2
    cpe:2.3:a:samba:samba:3.5.2
  • Samba 3.5.20
    cpe:2.3:a:samba:samba:3.5.20
  • Samba 3.5.21
    cpe:2.3:a:samba:samba:3.5.21
  • Samba 3.5.22
    cpe:2.3:a:samba:samba:3.5.22
  • cpe:2.3:o:novell:suse_linux_enterprise_server:12
    cpe:2.3:o:novell:suse_linux_enterprise_server:12
  • cpe:2.3:o:novell:suse_linux_enterprise_desktop:12
    cpe:2.3:o:novell:suse_linux_enterprise_desktop:12
  • cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12
    cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12
  • Canonical Ubuntu Linux 12.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:lts
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 14.10
    cpe:2.3:o:canonical:ubuntu_linux:14.10
CVSS
Base: 10.0 (as of 27-02-2015 - 14:05)
CWE CWE-17
Access
  Vector   Complexity  Authentication
  NETWORK  LOW         NONE
Impact
  Confidentiality  Integrity  Availability
  COMPLETE         COMPLETE   COMPLETE
exploit-db via4
description Samba < 3.6.2 x86 - PoC. CVE-2015-0240. DoS exploit for linux platform
file exploits/linux_x86/dos/36741.py
id EDB-ID:36741
last seen 2016-02-04
modified 2015-04-13
platform linux_x86
published 2015-04-13
reporter sleepya
source https://www.exploit-db.com/download/36741/
title Samba < 3.6.2 x86 - PoC
type dos
metasploit via4
description This module checks if a Samba target is vulnerable to an uninitialized variable creds vulnerability.
id MSF:AUXILIARY/SCANNER/SMB/SMB_UNINIT_CRED
last seen 2018-12-13
modified 2017-07-24
published 2015-03-05
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/smb/smb_uninit_cred.rb
title Samba _netr_ServerPasswordSet Uninitialized Credential State
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-490.NASL
    description This update fixes these security vulnerabilities : - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP connections were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation were missing (bsc#973034). - CVE-2016-2114: 'server signing = mandatory' not enforced (bsc#973035). - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036). - CVE-2016-2118: 'Badlock' DCERPC impersonation of authenticated account were possible (bsc#971965). The openSUSE 13.1 update also upgrades to samba 4.2.4 as 4.1.x versions are no longer supported by upstream. As a side effect, libpdb0 package was replaced by libsamba-passdb0.
    last seen 2018-09-01
    modified 2016-12-07
    plugin id 90609
    published 2016-04-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90609
    title openSUSE Security Update : samba (openSUSE-2016-490) (Badlock)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-462.NASL
    description samba was updated to version 4.2.4 to fix 14 security issues. These security issues were fixed : - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation were missing (bsc#973034). - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036). - CVE-2016-2118: 'Badlock' DCERPC impersonation of authenticated account were possible (bsc#971965). - CVE-2015-3223: Malicious request can cause Samba LDAP server to hang, spinning using CPU (boo#958581). - CVE-2015-5330: Remote read memory exploit in LDB (boo#958586). - CVE-2015-5252: Insufficient symlink verification (file access outside the share)(boo#958582). - CVE-2015-5296: No man in the middle protection when forcing smb encryption on the client side (boo#958584). - CVE-2015-5299: Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2) (boo#958583). - CVE-2015-8467: Fix Microsoft MS15-096 to prevent machine accounts from being changed into user accounts (boo#958585). - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target (boo#968222). These non-security issues were fixed : - Fix samba.tests.messaging test and prevent potential tdb corruption by removing obsolete now invalid tdb_close call; (boo#974629). - Align fsrvp feature sources with upstream version. - Obsolete libsmbsharemodes0 from samba-libs and libsmbsharemodes-devel from samba-core-devel; (boo#973832). - s3:utils/smbget: Fix recursive download; (bso#6482). - s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support; (bso#10489). 
- docs: Add example for domain logins to smbspool man page; (bso#11643). - s3-client: Add a KRB5 wrapper for smbspool; (bso#11690). - loadparm: Fix memory leak issue; (bso#11708). - lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). - ctdb-scripts: Drop use of 'smbcontrol winbindd ip-dropped ...'; (bso#11719). - s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). - param: Fix str_list_v3 to accept ';' again; (bso#11732). - Real memeory leak(buildup) issue in loadparm; (bso#11740). - Obsolete libsmbclient from libsmbclient0 and libpdb-devel from libsamba-passdb-devel while not providing it; (boo#972197). - Upgrade on-disk FSRVP server state to new version; (boo#924519). - Only obsolete but do not provide gplv2/3 package names; (boo#968973). - Enable clustering (CTDB) support; (boo#966271). - s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703); (boo#964023). - vfs_fruit: Fix renaming directories with open files; (bso#11065). - Fix MacOS finder error 36 when copying folder to Samba; (bso#11347). - s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks; (bso#11400). - Fix copying files with vfs_fruit when using vfs_streams_xattr without stream prefix and type suffix; (bso#11466). - s3:libsmb: Correctly initialize the list head when keeping a list of primary followed by DFS connections; (bso#11624). - Reduce the memory footprint of empty string options; (bso#11625). - lib/async_req: Do not install async_connect_send_test; (bso#11639). - docs: Fix typos in man vfs_gpfs; (bso#11641). - smbd: make 'hide dot files' option work with 'store dos attributes = yes'; (bso#11645). - smbcacls: Fix uninitialized variable; (bso#11682). - s3:smbd: Ignore initial allocation size for directory creation; (bso#11684). - Changing log level of two entries to from 1 to 3; (bso#9912). - vfs_gpfs: Re-enable share modes; (bso#11243). - wafsamba: Also build libraries with RELRO protection; (bso#11346). 
- ctdb: Strip trailing spaces from nodes file; (bso#11365). - s3-smbd: Fix old DOS client doing wildcard delete - gives a attribute type of zero; (bso#11452). - nss_wins: Do not run into use after free issues when we access memory allocated on the globals and the global being reinitialized; (bso#11563). - async_req: Fix non-blocking connect(); (bso#11564). - auth: gensec: Fix a memory leak; (bso#11565). - lib: util: Make non-critical message a warning; (bso#11566). - Fix winbindd crashes with samlogon for trusted domain user; (bso#11569); (boo#949022). - smbd: Send SMB2 oplock breaks unencrypted; (bso#11570). - ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577). - manpage: Correct small typo error; (bso#11584). - s3: smbd: If EA's are turned off on a share don't allow an SMB2 create containing them; (bso#11589). - Backport some valgrind fixes from upstream master; (bso#11597). - s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle; (bso#11615). - docs: Fix some typos in the idmap config section of man 5 smb.conf; (bso#11619). - Remove redundant configure options while adding with-relro. - s3: smbd: Fix our access-based enumeration on 'hide unreadable' to match Windows; (bso#10252). - smbd: Fix file name buflen and padding in notify repsonse; (bso#10634). - kerberos: Make sure we only use prompter type when available; (bso#11038). - s3:ctdbd_conn: Make sure we destroy tevent_fd before closing the socket; (bso#11316). - dcerpc.idl: accept invalid dcerpc_bind_nak pdus; (bso#11327). - Fix a deadlock in tdb; (bso#11381). - s3: smbd: Fix mkdir race condition; (bso#11486). - pam_winbind: Fix a segfault if initialization fails; (bso#11502). - s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509). - s3: smbd: Fix opening/creating :stream files on the root share directory; (bso#11522). - net: Fix a crash with 'net ads keytab create'; (bso#11528). 
- s3: smbd: Fix a crash in unix_convert() and a NULL pointer bug introduced by previous 'raw' stream fix (bso#11522); (bso#11535). - vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543). - vfs_commit: Set the fd on open before calling SMB_VFS_FSTAT; (bso#11547). - Fix bug in smbstatus where the lease info is not printed; (bso#11549). - s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550). - Relocate the tmpfiles.d directory to the client package; (boo#947552). - Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf instead; (boo#942716). - Package /var/lib/samba/private/sock with 0700 permissions; (boo#946051). - auth/credentials: If credentials have principal set, they are not anonymous anymore; (bso#11265). - Fix stream names with colon with 'fruit:encoding = native'; (bso#11278). - s4:rpc_server/netlogon: Fix for NetApp; (bso#11291). - lib: Fix rundown of open_socket_out(); (bso#11316). - s3:lib: Fix some corner cases of open_socket_out_cleanup(); (bso#11316). - vfs:fruit: Implement copyfile style copy_chunk; (bso#11317). - ctdb-daemon: Return correct sequence number for CONTROL_GET_DB_SEQNUM; (bso#11398). - ctdb-scripts: Support monitoring of interestingly named VLANs on bonds; (bso#11399). - ctdb-daemon: Improve error handling for running event scripts; (bso#11431). - ctdb-daemon: Check if updates are in flight when releasing all IPs; (bso#11432). - ctdb-build: Fix building of PCP PMDA module; (bso#11435). - Backport dcesrv_netr_DsRGetDCNameEx2 fixes; (bso#11454). - vfs_fruit: Handling of empty resource fork; (bso#11467). - Avoid quoting problems in user's DNs; (bso#11488). - s3-auth: Fix 'map to guest = Bad uid'; (bso#9862). - s4:lib/tls: Fix build with gnutls 3.4; (bso#8780). - s4.2/fsmo.py: Fixed fsmo transfer exception; (bso#10924). - winbindd: Sync secrets.ldb into secrets.tdb on startup; (bso#10991). - Logon via MS Remote Desktop hangs; (bso#11061). 
- s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068). - tevent: Add a note to tevent_add_fd(); (bso#11141). - s3:param/loadparm: Fix 'testparm --show-all-parameters'; (bso#11170). - s3-unix_msg: Remove socket file after closing socket fd; (bso#11217). - smbd: Fix a use-after-free; (bso#11218); (boo#919309). - s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces; (bso#11245). - s3:smb2: Add padding to last command in compound requests; (bso#11277). - Add IPv6 support to ADS client side LDAP connects; (bso#11281). - Add IPv6 support for determining FQDN during ADS join; (bso#11282). - s3: IPv6 enabled DNS connections for ADS client; (bso#11283). - Fix invalid write in ctdb_lock_context_destructor; (bso#11293). - Excessive cli_resolve_path() usage can slow down transmission; (bso#11295). - vfs_fruit: Add option 'veto_appledouble'; (bso#11305). - tstream: Make socketpair nonblocking; (bso#11312). - idmap_rfc2307: Fix wbinfo '--gid-to-sid' query; (bso#11313). - Group creation: Add msSFU30Name only when --nis-domain was given; (bso#11315). - tevent_fd needs to be destroyed before closing the fd; (bso#11316). - Build fails on Solaris 11 with '‘PTHREAD_MUTEX_ROBUST’ undeclared'; (bso#11319). - smbd/trans2: Add a useful diagnostic for files with bad encoding; (bso#11323). - Change sharesec output back to previous format; (bso#11324). - Robust mutex support broken in 1.3.5; (bso#11326). - Kerberos auth info3 should contain resource group ids available from pac_logon; winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC; (bso#11328); (boo#912457). - s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329). - tevent: Fix CID 1035381 Unchecked return value; (bso#11330). - tdb: Fix CID 1034842 and 1034841 Resource leaks; (bso#11331). - s3: smbd: Use separate flag to track become_root()/unbecome_root() state; (bso#11339). - s3: smbd: Codenomicon crash in do_smb_load_module(); (bso#11342). 
- pidl: Make the compilation of PIDL producing the same results if the content hasn't change; (bso#11356). - winbindd: Disconnect child process if request is cancelled at main process; (bso#11358). - vfs_fruit: Check offset and length for AFP_AfpInfo read requests; (bso#11363). - docs: Overhaul the description of 'smb encrypt' to include SMB3 encryption; (bso#11366). - s3:auth_domain: Fix talloc problem in connect_to_domain_password_server(); (bso#11367). - ncacn_http: Fix GNUism; (bso#11371). - Backport changes to use resource group sids obtained from pac logon_info; (bso#11328); (boo#912457). - Order winbind.service Before and Want nss-user-lookup target. - s3:smbXsrv: refactor duplicate code into smbXsrv_session_clear_and_logoff(); (bso#11182). - gencache: don't fail gencache_stabilize if there were records to delete; (bso#11260). - s3: libsmbclient: After getting attribute server, ensure main srv pointer is still valid; (bso#11186). - s4: rpc: Refactor dcesrv_alter() function into setup and send steps; (bso#11236). - s3: smbd: Incorrect file size returned in the response of 'FILE_SUPERSEDE Create'; (bso#11240). - Mangled names do not work with acl_xattr; (bso#11249). - nmbd rewrites browse.dat when not required; (bso#11254). - vfs_fruit: add option 'nfs_aces' that controls the NFS ACEs stuff; (bso#11213). - s3:smbd: Add missing tevent_req_nterror; (bso#11224). - vfs: kernel_flock and named streams; (bso#11243). - vfs_gpfs: Error code path doesn't call END_PROFILE; (bso#11244). - s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses are used; (bso#11284). - ctdb: check for talloc_asprintf() failure; (bso#11201). - spoolss: purge the printer name cache on name change; (bso#11210); (boo#901813). - CTDB statd-callout does not scale; (bso#11204). - vfs_fruit: also map characters below 0x20; (bso#11221). - ctdb: Coverity fix for CID 1291643; (bso#11201). - Multiplexed RPC connections are not handled by DCERPC server; (bso#11225). 
- Fix terminate connection behavior for asynchronous endpoint with PUSH notification flavors; (bso#11226). - ctdb-scripts: Fix bashism in ctdbd_wrapper script; (bso#11007). - ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553; (bso#11201). - SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the directory is deleted; (bso#11257). - s3:winbindd: make sure we remove pending io requests before closing client - 'sharesec' output no longer matches input format; (bso#11237). - waf: Fix systemd detection; (bso#11200). - CTDB: Fix portability issues; (bso#11202). - CTDB: Fix some IPv6-related issues; (bso#11203). - CTDB statd-callout does not scale; (bso#11204). - 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you enter invalid values; (bso#11234). - libads: record service ticket endtime for sealed ldap connections; - lib/util: Include DEBUG macro in internal header files before samba_util.h; (bso#11033). - Initialize dwFlags field of DNS_RPC_NODE structure; (bso#9791). - s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields; (bso#10016). - build:wafadmin: Fix use of spaces instead of tabs; (bso#10476). - waf: Fix the build on openbsd; (bso#10476). - s3: client: 'client use spnego principal = yes' code checks wrong name; - spoolss: Retrieve published printer GUID if not in registry; (bso#11018). - vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125). - backupkey: Explicitly link to gnutls and gcrypt; (bso#11135). - replace: Remove superfluous check for gcrypt header; (bso#11135). - Backport subunit changes; (bso#11137). - libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with implementation; (bso#11140). - s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143). - talloc: Version 2.1.2; (bso#11144). - Update libwbclient version to 0.12; (bso#11149). - brlock: Use 0 instead of empty initializer list; (bso#11153). 
- s4:auth/gensec_gssapi: Let gensec_gssapi_update() return - backupkey: Use ndr_pull_struct_blob_all(); (bso#11174). - Fix lots of winbindd zombie processes on Solaris platform; (bso#11175). - Prevent samba package updates from disabling samba kerberos printing. - Add sparse file support for samba; (fate#318424). - Simplify libxslt build requirement and README.SUSE install. - Remove no longer required cleanup steps while populating the build root. - smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT; (bso#1115). - pam_winbind: fix warn_pwd_expire implementation; (bso#9056). - nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). - Make 'profiles' work again; (bso#9629). - s3:smb2_server: protect against integer wrap with 'smb2 max credits = 65535'; (bso#9702). - Make validate_ldb of String(Generalized-Time) accept millisecond format '.000Z'; (bso#9810). - Use -R linker flag on Solaris, not -rpath; (bso#10112). - vfs: Add glusterfs manpage; (bso#10240). - Make 'smbclient' use cached creds; (bso#10279). - pdb: Fix build issues with shared modules; (bso#10355). - s4-dns: Add support for BIND 9.10; (bso#10620). - idmap: Return the correct id type to *id_to_sid methods; (bso#10720). - printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD; (bso#10808). - Don't build vfs_snapper on FreeBSD; (bso#10834). - nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). - idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). - s3: smb2cli: query info return length check was reversed; (bso#10848). - s3: lib, s3: modules: Fix compilation on Solaris; (bso#10849). - lib: uid_wrapper: Fix setgroups and syscall detection on a system without native uid_wrapper library; (bso#10851). - winbind3: Fix pwent variable substitution; (bso#10852). - Improve samba-regedit; (bso#10859). - registry: Don't leave dangling transactions; (bso#10860). - Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861). 
- build: Do not install 'texpect' binary anymore; (bso#10862). - Fix testparm to show hidden share defaults; (bso#10864). - libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02; (bso#10866). - Integrate CTDB into top-level Samba build; (bso#10892). - samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895). - s3-nmbd: Fix netbios name truncation; (bso#10896). - spoolss: Fix handling of bad EnumJobs levels; (bso#10898). - Fix smbclient loops doing a directory listing against Mac OS X 10 server with a non-wildcard path; (bso#10904). - Fix print job enumeration; (bso#10905); (boo#898031). - samba-tool: Create NIS enabled users and unixHomeDirectory attribute; (bso#10909). - Add support for SMB2 leases; (bso#10911). - btrfs: Don't leak opened directory handle; (bso#10918). - s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). - s3:smbd: Fix file corruption using 'write cache size != 0'; (bso#10921). - pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). - s3-keytab: fix keytab array NULL termination; (bso#10933). - s3:passdb: fix logic in pdb_set_pw_history(); (bso#10940). - Cleanup add_string_to_array and usage; (bso#10942). - dbwrap_ctdb: Pass on mutex flags to tdb_open; (bso#10942). - Fix RootDSE search with extended dn control; (bso#10949). - Fix 'samba-tool dns serverinfo ' for IPv6; (bso#10952). - libcli/smb: only force signing of smb2 session setups when binding a new session; (bso#10958). - s3-smbclient: Return success if we listed the shares; (bso#10960). - s3-smbstatus: Fix exit code of profile output; (bso#10961). - socket_wrapper: Add missing prototype check for eventfd; (bso#10965). - libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). - vfs_streams_xattr: Check stream type; (bso#10971). - s3: smbd: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). - vfs_fruit: Add support for AAPL; (bso#10983). 
- Fix spoolss IDL response marshalling when returning error without clearing info; (bso#10984). - dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279). - Fix IPv6 support in CTDB; (bso#10996). - ctdb-daemon: Use correct tdb flags when enabling robust mutex support; (bso#11000). - vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005). - s3-util: Fix authentication with long hostnames; (bso#11008). - ctdb-build: Fix build without xsltproc; (bso#11014). - packaging: Include CTDB man pages in the tarball; (bso#11014). - pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords; (bso#11016). - Make Sharepoint search show user documents; (bso#11022). - nss_wrapper: check for nss.h; (bso#11026). - Enable mutexes in gencache_notrans.tdb; (bso#11032). - tdb_wrap: Make mutexes easier to use; (bso#11032). - lib/util: Avoid collision which alread defined consumer DEBUG macro; (bso#11033). - winbind: Retry after SESSION_EXPIRED error in ping-dc; (bso#11034). - s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037). - vfs_fruit: Fix base_fsp name conversion; (bso#11039). - vfs_fruit: mmap under FreeBSD needs PROT_READ; (bso#11040). - Fix authentication using Kerberos (not AD); (bso#11044). - net: Fix sam addgroupmem; (bso#11051). - vfs_snapper: Correctly handles multi-byte DBus strings; (bso#11055); (boo#913238). - cli_connect_nb_send: Don't segfault on host == NULL; (bso#11058). - utils: Fix 'net time' segfault; (bso#11058). - libsmb: Provide authinfo domain for encrypted session referrals; (bso#11059). - s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066). - vfs_glusterfs: Add comments to the pipe(2) code; (bso#11069). - vfs/glusterfs: Change xattr key to match gluster key; (bso#11069). - vfs_glusterfs: Implement AIO support; (bso#11069). - s3-vfs: Fix developer build of vfs_ceph module; (bso#11070). 
- s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer; (bso#11077); CVE-2015-0240; (boo#917376). - vfs: Add a brief vfs_ceph manpage; (bso#11088). - s3: smbclient: Allinfo leaves the file handle open; (bso#11094). - Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain; (bso#11097). - debug: Set close-on-exec for the main log file FD; (bso#11100). - s3: smbd: leases - losen paranoia check. Stat opens can grant leases; (bso#11102). - s3: smbd: SMB2 close. If a file has delete on close, store the return info before deleting; (bso#11104). - doc:man:vfs_glusterfs: improve the configuration section; (bso#11117). - snprintf: Try to support %j; (bso#11119). - ctdb-io: Do not use sys_write to write to client sockets; (bso#11124). - doc-xml: Add 'sharesec' reference to 'access based share enum'; (bso#11127). - Fix usage of freed memory on server exit; (bso#11218); (boo#919309). - Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0. - Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and libhttp to the libs package; (boo#913547). - Rebase File Server Remote VSS Protocol (FSRVP) server against 4.2.0rc1; (fate#313346).
    last seen 2018-09-01
    modified 2016-12-07
    plugin id 90558
    published 2016-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90558
    title openSUSE Security Update : samba (openSUSE-2016-462) (Badlock)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2015-064-01.NASL
    description New samba packages are available for Slackware 14.1 and -current to fix security issues.
    last seen 2018-09-01
    modified 2016-01-10
    plugin id 81653
    published 2015-03-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81653
    title Slackware 14.1 / current : samba (SSA:2015-064-01)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150223_SAMBA_ON_SL5_X.NASL
    description An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) After installing this update, the smb service will be restarted automatically.
    last seen 2018-09-01
    modified 2016-01-10
    plugin id 81477
    published 2015-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81477
    title Scientific Linux Security Update : samba on SL5.x i386
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-179.NASL
    description samba was updated to fix two security issues. These security issues were fixed : - CVE-2015-0240: Ensure we don't call talloc_free on an uninitialized pointer (bnc#917376). - CVE-2014-8143: Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allowed remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation (bnc#914279). Several non-security issues were fixed, please refer to the changes file.
    last seen 2018-09-01
    modified 2016-01-10
    plugin id 81561
    published 2015-02-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81561
    title openSUSE Security Update : samba (openSUSE-2015-179)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_SAMBA-20150217-150217.NASL
    description Samba has been updated to fix one security issue : - Don't call talloc_free on an uninitialized pointer (bnc#917376). Additionally, these non-security issues have been fixed :. (CVE-2015-0240) - Realign the winbind request structure following require_membership_of field expansion. (bnc#913001) - Reuse connections derived from DFS referrals (bso#10123, fate#316512). - Set domain/workgroup based on authentication callback value (bso#11059). - Fix spoolss error response marshalling (bso#10984). - Fix spoolss EnumJobs and GetJob responses (bso#10905, bnc#898031). - Fix handling of bad EnumJobs levels (bso#10898). - Fix small memory-leak in the background print process;. (bnc#899558) - Prune idle or hung connections older than 'winbind request timeout' (bso#3204, bnc#872912).
    last seen 2018-09-02
    modified 2016-01-10
    plugin id 81508
    published 2015-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81508
    title SuSE 11.3 Security Update : Samba (SAT Patch Number 10321)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-0250.NASL
    description From Red Hat Security Advisory 2015:0250 : Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen 2018-09-01
    modified 2018-07-18
    plugin id 81465
    published 2015-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81465
    title Oracle Linux 6 : samba4 (ELSA-2015-0250)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150223_SAMBA_ON_SL7_X.NASL
    description An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) After installing this update, the smb service will be restarted automatically.
    last seen 2018-09-02
    modified 2016-01-10
    plugin id 81479
    published 2015-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81479
    title Scientific Linux Security Update : samba on SL7.x x86_64
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150223_SAMBA4_ON_SL6_X.NASL
    description An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) After installing this update, the smb service will be restarted automatically.
    last seen 2018-09-01
    modified 2016-01-10
    plugin id 81476
    published 2015-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81476
    title Scientific Linux Security Update : samba4 on SL6.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-0249.NASL
    description From Red Hat Security Advisory 2015:0249 : Updated samba3x packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen 2018-09-01
    modified 2018-07-18
    plugin id 81464
    published 2015-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81464
    title Oracle Linux 5 : samba3x (ELSA-2015-0249)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-081.NASL
    description Updated samba packages fix security vulnerabilities : An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user) (CVE-2015-0240).
    last seen 2018-09-01
    modified 2018-07-19
    plugin id 82334
    published 2015-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82334
    title Mandriva Linux Security Advisory : samba (MDVSA-2015:081)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-156.NASL
    description Richard van Eeden of Microsoft Vulnerability Research discovered that Samba, a SMB/CIFS file, print, and login server for Unix, contains a flaw in the netlogon server code which allows remote code execution with root privileges from an unauthenticated connection. For the oldstable distribution (squeeze), this problem has been fixed in version 2:3.5.6~dfsg-3squeeze12. For the stable distribution (wheezy), this problem has been fixed in version 2:3.6.6-6+deb7u5. We recommend that you upgrade your samba packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-07-06
    plugin id 82139
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82139
    title Debian DLA-156-1 : samba security update
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150223_SAMBA_ON_SL6_X.NASL
    description An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) After installing this update, the smb service will be restarted automatically.
    last seen 2018-09-01
    modified 2016-01-10
    plugin id 81478
    published 2015-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81478
    title Scientific Linux Security Update : samba on SL6.x, SL7.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-0251.NASL
    description Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen 2018-11-11
    modified 2018-11-10
    plugin id 81442
    published 2015-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81442
    title CentOS 6 : samba (CESA-2015:0251)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-0252.NASL
    description From Red Hat Security Advisory 2015:0252 : Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen 2018-09-01
    modified 2018-07-18
    plugin id 81467
    published 2015-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81467
    title Oracle Linux 7 : samba (ELSA-2015-0252)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201502-15.NASL
    description The remote host is affected by the vulnerability described in GLSA-201502-15 (Samba: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, bypass intended file restrictions, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen 2018-09-01
    modified 2016-01-10
    plugin id 81536
    published 2015-02-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81536
    title GLSA-201502-15 : Samba: Multiple vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-083.NASL
    description Multiple vulnerabilities have been discovered and corrected in samba4 : Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation (CVE-2014-8143). An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user) (CVE-2015-0240). The updated packages provide a solution for these security issues.
    last seen 2018-09-01
    modified 2018-07-19
    plugin id 82336
    published 2015-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82336
    title Mandriva Linux Security Advisory : samba4 (MDVSA-2015:083)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-0250.NASL
    description Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen 2018-11-11
    modified 2018-11-10
    plugin id 81441
    published 2015-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81441
    title CentOS 6 : samba4 (CESA-2015:0250)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-0249.NASL
    description Updated samba3x packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen 2018-11-11
    modified 2018-11-10
    plugin id 81440
    published 2015-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81440
    title CentOS 5 : samba3x (CESA-2015:0249)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0250.NASL
    description Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 81469
    published 2015-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81469
    title RHEL 6 : samba4 (RHSA-2015:0250)
  • NASL family Misc.
    NASL id SAMBA_4_1_17.NASL
    description According to its banner, the version of Samba running on the remote host is 3.5.x prior to 3.5.22, 3.6.x prior to 3.6.25, 4.0.x prior to 4.0.25, or 4.1.x prior to 4.1.17. It is, therefore, affected by a remote code execution vulnerability in the TALLOC_FREE() function of 'rpc_server/netlogon/srv_netlog_nt.c'. A remote attacker, using a specially crafted sequence of packets followed by a subsequent anonymous netlogon packet, can execute arbitrary code as the root user. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen 2018-11-17
    modified 2018-11-15
    plugin id 81485
    published 2015-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81485
    title Samba 3.5.x < 3.5.22 / 3.6.x < 3.6.25 / 4.0.x < 4.0.25 / 4.1.x < 4.1.17 TALLOC_FREE() RCE
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0251.NASL
    description Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 81470
    published 2015-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81470
    title RHEL 6 : samba (RHSA-2015:0251)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0256.NASL
    description Updated samba packages that fix one security issue are now available for Red Hat Storage 3. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 81475
    published 2015-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81475
    title RHEL 6 : Storage Server (RHSA-2015:0256)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0253.NASL
    description Updated samba3x packages that fix one security issue are now available for Red Hat Enterprise Linux 5.6 Long Life and Red Hat Enterprise Linux 5.9 Extended Update Support. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 81472
    published 2015-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81472
    title RHEL 5 : samba3x (RHSA-2015:0253)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3171.NASL
    description Richard van Eeden of Microsoft Vulnerability Research discovered that Samba, a SMB/CIFS file, print, and login server for Unix, contains a flaw in the netlogon server code which allows remote code execution with root privileges from an unauthenticated connection.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 81450
    published 2015-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81450
    title Debian DSA-3171-1 : samba - security update
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_996C219CBBB111E488AED050992ECDE8.NASL
    description Samba development team reports : All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an unexpected code execution vulnerability in the smbd file server daemon. A malicious client could send packets that may set up the stack in such a way that the freeing of memory in a subsequent anonymous netlogon packet could allow execution of arbitrary code. This code would execute with root privileges.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 81463
    published 2015-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81463
    title FreeBSD : samba -- Unexpected code execution in smbd (996c219c-bbb1-11e4-88ae-d050992ecde8)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0249.NASL
    description Updated samba3x packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 81468
    published 2015-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81468
    title RHEL 5 : samba3x (RHSA-2015:0249)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-0252.NASL
    description Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen 2018-11-11
    modified 2018-11-10
    plugin id 81443
    published 2015-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81443
    title CentOS 7 : samba (CESA-2015:0252)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0252.NASL
    description Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 81471
    published 2015-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81471
    title RHEL 7 : samba (RHSA-2015:0252)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-0251.NASL
    description From Red Hat Security Advisory 2015:0251 : Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen 2018-09-01
    modified 2018-07-18
    plugin id 81466
    published 2015-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81466
    title Oracle Linux 6 : samba (ELSA-2015-0251)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0255.NASL
    description Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6.4 and 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen 2018-12-08
    modified 2018-12-07
    plugin id 81474
    published 2015-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81474
    title RHEL 6 : samba4 (RHSA-2015:0255)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-0353-1.NASL
    description samba was updated to fix one security issue. This security issue was fixed : - CVE-2015-0240: Don't call talloc_free on an uninitialized pointer (bnc#917376). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-11-30
    modified 2018-11-29
    plugin id 83687
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83687
    title SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2015:0353-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-082.NASL
    description Updated samba packages fix security vulnerabilities : In Samba before 3.6.23, the SAMR server neglects to ensure that attempted password changes will update the bad password count, and does not set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. This is available without any other authentication (CVE-2013-4496). Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled (CVE-2014-0178). Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a denial of service on the nmbd NetBIOS name services daemon. A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS name service (CVE-2014-0244). Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected by a denial of service crash involving overwriting memory on an authenticated connection to the smbd file server (CVE-2014-3493). An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user) (CVE-2015-0240).
    last seen 2018-09-01
    modified 2018-07-19
    plugin id 82335
    published 2015-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82335
    title Mandriva Linux Security Advisory : samba (MDVSA-2015:082)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2508-1.NASL
    description Richard van Eeden discovered that the Samba smbd file services incorrectly handled memory. A remote attacker could use this issue to possibly execute arbitrary code with root privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-12-02
    modified 2018-12-01
    plugin id 81483
    published 2015-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81483
    title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : samba vulnerability (USN-2508-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0254.NASL
    description Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise Linux 6.4 and 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen 2018-12-08
    modified 2018-12-07
    plugin id 81473
    published 2015-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81473
    title RHEL 6 : samba (RHSA-2015:0254)
redhat via4
advisories
  • bugzilla
    id 1191325
    title CVE-2015-0240 samba: talloc free on uninitialized stack pointer in netlogon server could lead to remote-code execution
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment samba3x is earlier than 0:3.6.23-9.el5_11
          oval oval:com.redhat.rhsa:tst:20150249002
        • comment samba3x is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100488029
      • AND
        • comment samba3x-client is earlier than 0:3.6.23-9.el5_11
          oval oval:com.redhat.rhsa:tst:20150249012
        • comment samba3x-client is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100488043
      • AND
        • comment samba3x-common is earlier than 0:3.6.23-9.el5_11
          oval oval:com.redhat.rhsa:tst:20150249004
        • comment samba3x-common is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100488031
      • AND
        • comment samba3x-doc is earlier than 0:3.6.23-9.el5_11
          oval oval:com.redhat.rhsa:tst:20150249016
        • comment samba3x-doc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100488035
      • AND
        • comment samba3x-domainjoin-gui is earlier than 0:3.6.23-9.el5_11
          oval oval:com.redhat.rhsa:tst:20150249006
        • comment samba3x-domainjoin-gui is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100488041
      • AND
        • comment samba3x-swat is earlier than 0:3.6.23-9.el5_11
          oval oval:com.redhat.rhsa:tst:20150249008
        • comment samba3x-swat is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100488045
      • AND
        • comment samba3x-winbind is earlier than 0:3.6.23-9.el5_11
          oval oval:com.redhat.rhsa:tst:20150249010
        • comment samba3x-winbind is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100488053
      • AND
        • comment samba3x-winbind-devel is earlier than 0:3.6.23-9.el5_11
          oval oval:com.redhat.rhsa:tst:20150249014
        • comment samba3x-winbind-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100488047
    rhsa
    id RHSA-2015:0249
    released 2015-02-23
    severity Critical
    title RHSA-2015:0249: samba3x security update (Critical)
  • bugzilla
    id 1191325
    title CVE-2015-0240 samba: talloc free on uninitialized stack pointer in netlogon server could lead to remote-code execution
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment samba4 is earlier than 0:4.0.0-66.el6_6.rc4
          oval oval:com.redhat.rhsa:tst:20150250005
        • comment samba4 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506006
      • AND
        • comment samba4-client is earlier than 0:4.0.0-66.el6_6.rc4
          oval oval:com.redhat.rhsa:tst:20150250017
        • comment samba4-client is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506014
      • AND
        • comment samba4-common is earlier than 0:4.0.0-66.el6_6.rc4
          oval oval:com.redhat.rhsa:tst:20150250013
        • comment samba4-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506022
      • AND
        • comment samba4-dc is earlier than 0:4.0.0-66.el6_6.rc4
          oval oval:com.redhat.rhsa:tst:20150250019
        • comment samba4-dc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506020
      • AND
        • comment samba4-dc-libs is earlier than 0:4.0.0-66.el6_6.rc4
          oval oval:com.redhat.rhsa:tst:20150250009
        • comment samba4-dc-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506028
      • AND
        • comment samba4-devel is earlier than 0:4.0.0-66.el6_6.rc4
          oval oval:com.redhat.rhsa:tst:20150250027
        • comment samba4-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506026
      • AND
        • comment samba4-libs is earlier than 0:4.0.0-66.el6_6.rc4
          oval oval:com.redhat.rhsa:tst:20150250025
        • comment samba4-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506010
      • AND
        • comment samba4-pidl is earlier than 0:4.0.0-66.el6_6.rc4
          oval oval:com.redhat.rhsa:tst:20150250011
        • comment samba4-pidl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506032
      • AND
        • comment samba4-python is earlier than 0:4.0.0-66.el6_6.rc4
          oval oval:com.redhat.rhsa:tst:20150250015
        • comment samba4-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506030
      • AND
        • comment samba4-swat is earlier than 0:4.0.0-66.el6_6.rc4
          oval oval:com.redhat.rhsa:tst:20150250021
        • comment samba4-swat is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506016
      • AND
        • comment samba4-test is earlier than 0:4.0.0-66.el6_6.rc4
          oval oval:com.redhat.rhsa:tst:20150250023
        • comment samba4-test is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506008
      • AND
        • comment samba4-winbind is earlier than 0:4.0.0-66.el6_6.rc4
          oval oval:com.redhat.rhsa:tst:20150250031
        • comment samba4-winbind is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506024
      • AND
        • comment samba4-winbind-clients is earlier than 0:4.0.0-66.el6_6.rc4
          oval oval:com.redhat.rhsa:tst:20150250007
        • comment samba4-winbind-clients is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506012
      • AND
        • comment samba4-winbind-krb5-locator is earlier than 0:4.0.0-66.el6_6.rc4
          oval oval:com.redhat.rhsa:tst:20150250029
        • comment samba4-winbind-krb5-locator is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506018
    rhsa
    id RHSA-2015:0250
    released 2015-02-23
    severity Critical
    title RHSA-2015:0250: samba4 security update (Critical)
  • bugzilla
    id 1191325
    title CVE-2015-0240 samba: talloc free on uninitialized stack pointer in netlogon server could lead to remote-code execution
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment libsmbclient is earlier than 0:3.6.23-14.el6_6
          oval oval:com.redhat.rhsa:tst:20150251007
        • comment libsmbclient is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860012
      • AND
        • comment libsmbclient-devel is earlier than 0:3.6.23-14.el6_6
          oval oval:com.redhat.rhsa:tst:20150251027
        • comment libsmbclient-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860022
      • AND
        • comment samba is earlier than 0:3.6.23-14.el6_6
          oval oval:com.redhat.rhsa:tst:20150251005
        • comment samba is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860006
      • AND
        • comment samba-client is earlier than 0:3.6.23-14.el6_6
          oval oval:com.redhat.rhsa:tst:20150251023
        • comment samba-client is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860014
      • AND
        • comment samba-common is earlier than 0:3.6.23-14.el6_6
          oval oval:com.redhat.rhsa:tst:20150251009
        • comment samba-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860016
      • AND
        • comment samba-doc is earlier than 0:3.6.23-14.el6_6
          oval oval:com.redhat.rhsa:tst:20150251011
        • comment samba-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860026
      • AND
        • comment samba-domainjoin-gui is earlier than 0:3.6.23-14.el6_6
          oval oval:com.redhat.rhsa:tst:20150251019
        • comment samba-domainjoin-gui is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860024
      • AND
        • comment samba-glusterfs is earlier than 0:3.6.23-14.el6_6
          oval oval:com.redhat.rhsa:tst:20150251029
        • comment samba-glusterfs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150251030
      • AND
        • comment samba-swat is earlier than 0:3.6.23-14.el6_6
          oval oval:com.redhat.rhsa:tst:20150251025
        • comment samba-swat is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860008
      • AND
        • comment samba-winbind is earlier than 0:3.6.23-14.el6_6
          oval oval:com.redhat.rhsa:tst:20150251013
        • comment samba-winbind is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860010
      • AND
        • comment samba-winbind-clients is earlier than 0:3.6.23-14.el6_6
          oval oval:com.redhat.rhsa:tst:20150251017
        • comment samba-winbind-clients is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860020
      • AND
        • comment samba-winbind-devel is earlier than 0:3.6.23-14.el6_6
          oval oval:com.redhat.rhsa:tst:20150251015
        • comment samba-winbind-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860018
      • AND
        • comment samba-winbind-krb5-locator is earlier than 0:3.6.23-14.el6_6
          oval oval:com.redhat.rhsa:tst:20150251021
        • comment samba-winbind-krb5-locator is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111221018
    rhsa
    id RHSA-2015:0251
    released 2015-02-23
    severity Critical
    title RHSA-2015:0251: samba security update (Critical)
  • bugzilla
    id 1191325
    title CVE-2015-0240 samba: talloc free on uninitialized stack pointer in netlogon server could lead to remote-code execution
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment libsmbclient is earlier than 0:4.1.1-38.el7_0
          oval oval:com.redhat.rhsa:tst:20150252029
        • comment libsmbclient is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860012
      • AND
        • comment libsmbclient-devel is earlier than 0:4.1.1-38.el7_0
          oval oval:com.redhat.rhsa:tst:20150252027
        • comment libsmbclient-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860022
      • AND
        • comment libwbclient is earlier than 0:4.1.1-38.el7_0
          oval oval:com.redhat.rhsa:tst:20150252021
        • comment libwbclient is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140867026
      • AND
        • comment libwbclient-devel is earlier than 0:4.1.1-38.el7_0
          oval oval:com.redhat.rhsa:tst:20150252025
        • comment libwbclient-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140867008
      • AND
        • comment samba is earlier than 0:4.1.1-38.el7_0
          oval oval:com.redhat.rhsa:tst:20150252005
        • comment samba is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860006
      • AND
        • comment samba-client is earlier than 0:4.1.1-38.el7_0
          oval oval:com.redhat.rhsa:tst:20150252007
        • comment samba-client is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860014
      • AND
        • comment samba-common is earlier than 0:4.1.1-38.el7_0
          oval oval:com.redhat.rhsa:tst:20150252023
        • comment samba-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860016
      • AND
        • comment samba-dc is earlier than 0:4.1.1-38.el7_0
          oval oval:com.redhat.rhsa:tst:20150252033
        • comment samba-dc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140867028
      • AND
        • comment samba-dc-libs is earlier than 0:4.1.1-38.el7_0
          oval oval:com.redhat.rhsa:tst:20150252017
        • comment samba-dc-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140867014
      • AND
        • comment samba-devel is earlier than 0:4.1.1-38.el7_0
          oval oval:com.redhat.rhsa:tst:20150252037
        • comment samba-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140867020
      • AND
        • comment samba-libs is earlier than 0:4.1.1-38.el7_0
          oval oval:com.redhat.rhsa:tst:20150252009
        • comment samba-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140867024
      • AND
        • comment samba-pidl is earlier than 0:4.1.1-38.el7_0
          oval oval:com.redhat.rhsa:tst:20150252031
        • comment samba-pidl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140867022
      • AND
        • comment samba-python is earlier than 0:4.1.1-38.el7_0
          oval oval:com.redhat.rhsa:tst:20150252011
        • comment samba-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140867010
      • AND
        • comment samba-test is earlier than 0:4.1.1-38.el7_0
          oval oval:com.redhat.rhsa:tst:20150252013
        • comment samba-test is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140867040
      • AND
        • comment samba-test-devel is earlier than 0:4.1.1-38.el7_0
          oval oval:com.redhat.rhsa:tst:20150252015
        • comment samba-test-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140867030
      • AND
        • comment samba-vfs-glusterfs is earlier than 0:4.1.1-38.el7_0
          oval oval:com.redhat.rhsa:tst:20150252043
        • comment samba-vfs-glusterfs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140867044
      • AND
        • comment samba-winbind is earlier than 0:4.1.1-38.el7_0
          oval oval:com.redhat.rhsa:tst:20150252041
        • comment samba-winbind is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860010
      • AND
        • comment samba-winbind-clients is earlier than 0:4.1.1-38.el7_0
          oval oval:com.redhat.rhsa:tst:20150252039
        • comment samba-winbind-clients is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860020
      • AND
        • comment samba-winbind-krb5-locator is earlier than 0:4.1.1-38.el7_0
          oval oval:com.redhat.rhsa:tst:20150252019
        • comment samba-winbind-krb5-locator is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111221018
      • AND
        • comment samba-winbind-modules is earlier than 0:4.1.1-38.el7_0
          oval oval:com.redhat.rhsa:tst:20150252035
        • comment samba-winbind-modules is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140867016
    rhsa
    id RHSA-2015:0252
    released 2015-02-23
    severity Important
    title RHSA-2015:0252: samba security update (Important)
  • rhsa
    id RHSA-2015:0253
  • rhsa
    id RHSA-2015:0254
  • rhsa
    id RHSA-2015:0255
  • rhsa
    id RHSA-2015:0256
  • rhsa
    id RHSA-2015:0257
rpms
  • samba3x-0:3.6.23-9.el5_11
  • samba3x-client-0:3.6.23-9.el5_11
  • samba3x-common-0:3.6.23-9.el5_11
  • samba3x-doc-0:3.6.23-9.el5_11
  • samba3x-domainjoin-gui-0:3.6.23-9.el5_11
  • samba3x-swat-0:3.6.23-9.el5_11
  • samba3x-winbind-0:3.6.23-9.el5_11
  • samba3x-winbind-devel-0:3.6.23-9.el5_11
  • samba4-0:4.0.0-66.el6_6.rc4
  • samba4-client-0:4.0.0-66.el6_6.rc4
  • samba4-common-0:4.0.0-66.el6_6.rc4
  • samba4-dc-0:4.0.0-66.el6_6.rc4
  • samba4-dc-libs-0:4.0.0-66.el6_6.rc4
  • samba4-devel-0:4.0.0-66.el6_6.rc4
  • samba4-libs-0:4.0.0-66.el6_6.rc4
  • samba4-pidl-0:4.0.0-66.el6_6.rc4
  • samba4-python-0:4.0.0-66.el6_6.rc4
  • samba4-swat-0:4.0.0-66.el6_6.rc4
  • samba4-test-0:4.0.0-66.el6_6.rc4
  • samba4-winbind-0:4.0.0-66.el6_6.rc4
  • samba4-winbind-clients-0:4.0.0-66.el6_6.rc4
  • samba4-winbind-krb5-locator-0:4.0.0-66.el6_6.rc4
  • libsmbclient-0:3.6.23-14.el6_6
  • libsmbclient-devel-0:3.6.23-14.el6_6
  • samba-0:3.6.23-14.el6_6
  • samba-client-0:3.6.23-14.el6_6
  • samba-common-0:3.6.23-14.el6_6
  • samba-doc-0:3.6.23-14.el6_6
  • samba-domainjoin-gui-0:3.6.23-14.el6_6
  • samba-glusterfs-0:3.6.23-14.el6_6
  • samba-swat-0:3.6.23-14.el6_6
  • samba-winbind-0:3.6.23-14.el6_6
  • samba-winbind-clients-0:3.6.23-14.el6_6
  • samba-winbind-devel-0:3.6.23-14.el6_6
  • samba-winbind-krb5-locator-0:3.6.23-14.el6_6
  • libsmbclient-0:4.1.1-38.el7_0
  • libsmbclient-devel-0:4.1.1-38.el7_0
  • libwbclient-0:4.1.1-38.el7_0
  • libwbclient-devel-0:4.1.1-38.el7_0
  • samba-0:4.1.1-38.el7_0
  • samba-client-0:4.1.1-38.el7_0
  • samba-common-0:4.1.1-38.el7_0
  • samba-dc-0:4.1.1-38.el7_0
  • samba-dc-libs-0:4.1.1-38.el7_0
  • samba-devel-0:4.1.1-38.el7_0
  • samba-libs-0:4.1.1-38.el7_0
  • samba-pidl-0:4.1.1-38.el7_0
  • samba-python-0:4.1.1-38.el7_0
  • samba-test-0:4.1.1-38.el7_0
  • samba-test-devel-0:4.1.1-38.el7_0
  • samba-vfs-glusterfs-0:4.1.1-38.el7_0
  • samba-winbind-0:4.1.1-38.el7_0
  • samba-winbind-clients-0:4.1.1-38.el7_0
  • samba-winbind-krb5-locator-0:4.1.1-38.el7_0
  • samba-winbind-modules-0:4.1.1-38.el7_0
refmap via4
bid 72711
confirm
debian DSA-3171
gentoo GLSA-201502-15
hp
  • HPSBGN03288
  • HPSBUX03320
  • SSRT101952
  • SSRT101979
mandriva
  • MDVSA-2015:081
  • MDVSA-2015:082
sectrack 1031783
slackware SSA:2015-064-01
suse
  • SUSE-SU-2015:0353
  • SUSE-SU-2015:0371
  • SUSE-SU-2015:0386
  • openSUSE-SU-2015:0375
  • openSUSE-SU-2016:1064
  • openSUSE-SU-2016:1106
  • openSUSE-SU-2016:1107
ubuntu USN-2508-1
the hacker news via4
id THN:EC707FA03C4266A554099062CA89FF0E
last seen 2018-01-27
modified 2015-02-24
published 2015-02-24
reporter Swati Khandelwal
source https://thehackernews.com/2015/02/samba-service-hit-by-remote-code.html
title Samba Service Hit By Remote Code Execution Vulnerability
Last major update 07-12-2016 - 22:06
Published 23-02-2015 - 20:59