CVE-2015-0240

Impact: Critical
Public Date: 2015-02-23
CWE: CWE-119
Bugzilla: 1191325: CVE-2015-0240 samba: talloc free on uninitialized stack pointer in netlogon server could lead to remote-code execution

An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user).

Find out more about CVE-2015-0240 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue does not affect the versions of the samba package shipped with Red Hat Enterprise Linux 4 and 5. It does affect the versions of samba shipped with Red Hat Enterprise Linux 6 and 7, the version of samba3x shipped with Red Hat Enterprise Linux 5, and the version of samba4 shipped with Red Hat Enterprise Linux 6.

Red Hat Product Security has determined that this vulnerability has Important impact on Red Hat Enterprise Linux 7, because the Samba version shipped with it executes the vulnerable code only after a memory allocation failure, which makes the flaw more difficult to exploit.

CVSS v2 metrics

Base Score: 7.9
Base Metrics: AV:A/AC:M/Au:N/C:C/I:C/A:C
Access Vector: Adjacent Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux Long Life (v. 5.6 server) (samba3x) | RHSA-2015:0253 | 2015-02-23
Red Hat Enterprise Linux Extended Update Support 6.4 (samba4) | RHSA-2015:0255 | 2015-02-23
Red Hat Enterprise Linux 6 (samba) | RHSA-2015:0251 | 2015-02-23
Red Hat Enterprise Linux 7 (samba) | RHSA-2015:0252 | 2015-02-23
Red Hat Enterprise Linux EUS (v. 5.9 server) (samba3x) | RHSA-2015:0253 | 2015-02-23
Red Hat Enterprise Linux Extended Update Support 6.4 (samba) | RHSA-2015:0254 | 2015-02-23
Red Hat Enterprise Linux 6 (samba4) | RHSA-2015:0250 | 2015-02-23
Red Hat Enterprise Linux 5 (samba3x) | RHSA-2015:0249 | 2015-02-23
Red Hat Storage Server 3 (samba) | RHSA-2015:0256 | 2015-02-23
Red Hat Enterprise Linux Advanced Update Support 6.2 (samba) | RHSA-2015:0254 | 2015-02-23
Red Hat Enterprise Linux Extended Update Support 6.5 (samba4) | RHSA-2015:0255 | 2015-02-23
Red Hat Enterprise Linux Extended Update Support 6.5 (samba) | RHSA-2015:0254 | 2015-02-23
Red Hat Storage Server 2.1 (samba) | RHSA-2015:0257 | 2015-02-23

Affected Packages State

Platform | Package | State
Red Hat Gluster Storage 3.0 | samba | Affected
Red Hat Enterprise Linux 5 | samba | Not affected
Red Hat Enterprise Linux 4 | samba | Not affected

Acknowledgements

Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue.

Mitigation

On Samba versions 4.0.0 and above, add the line: rpc_server:netlogon=disabled to the [global] section of your smb.conf. For Samba versions 3.6.x and earlier, this workaround is not available.
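
One way to verify that the workaround above is in place, as an added example that is not part of the Red Hat advisory or the Samba project's code. The function names and sample files are constructed for illustration; the check reads a single file, does not follow include directives, and assumes a later setting overrides an earlier one.

```shell
#!/bin/sh
# Added example: verify the netlogon workaround for CVE-2015-0240.

# workaround_available VERSION: exit 0 only for Samba 4.0.0 and above
workaround_available() {
    major=${1%%.*}
    case $major in ''|*[!0-9]*) return 2 ;; esac   # not a version number
    [ "$major" -ge 4 ]
}

# netlogon_disabled FILE: exit 0 if [global] has rpc_server:netlogon=disabled
netlogon_disabled() {
    awk '
        /^[ \t]*$/    { next }              # blank line
        /^[ \t]*[#;]/ { next }              # comment (# or ;)
        /^[ \t]*\[/   {                     # section header, case-insensitive
            s = tolower($0)
            sub(/^[ \t]*\[[ \t]*/, "", s); sub(/[ \t]*\].*$/, "", s)
            section = s; next
        }
        section == "global" {
            eq = index($0, "=")
            if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1))
            val = tolower(substr($0, eq + 1))
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+/, "", val); gsub(/[ \t\r]+$/, "", val)
            # Assumption: a later setting overrides an earlier one
            if (key == "rpc_server:netlogon") last = val
        }
        END { exit (last == "disabled" ? 0 : 1) }
    ' "$1"
}

# Constructed sample: option commented out in [global] and set under a share
sample_misplaced() {
    printf '%s\n' '[global]' '  workgroup = EXAMPLE' \
        '; rpc_server:netlogon = disabled' '[data]' '  rpc_server:netlogon=disabled'
}
# Constructed sample: the workaround applied as the advisory describes
sample_mitigated() {
    printf '%s\n' '[Global]' '  workgroup = EXAMPLE' '  rpc_server:netlogon = disabled'
}

tmp=$(mktemp) && sample_mitigated > "$tmp"
if workaround_available "4.1.1" && netlogon_disabled "$tmp"; then
    echo "netlogon RPC service disabled in [global]"
fi
rm -f "$tmp"
```

A setting that is commented out or placed under a share section is reported as not mitigated, which is the failure the check is meant to catch.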
