CVE-2015-0240 — HIGH (10.0)

Vulnerability Description

The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Redhat	Enterprise Linux	5
Samba	Samba	3.5.0
Novell	Suse Linux Enterprise Desktop	12
Novell	Suse Linux Enterprise Server	12
Novell	Suse Linux Enterprise Software Development Kit	12
Canonical	Ubuntu Linux	12.04

Related Weaknesses (CWE)

CWE-17

References

FAQ

What is CVE-2015-0240?

CVE-2015-0240 is a vulnerability with a CVSS score of 10.0 (HIGH). The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized sta...

How severe is CVE-2015-0240?

CVE-2015-0240 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-0240?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux, Samba Samba, Novell Suse Linux Enterprise Desktop, Novell Suse Linux Enterprise Server, Novell Suse Linux Enterprise Software Development Kit.