CVE-2015-0240 - Code vulnerability in multiple products

CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Tags: redhat, samba, novell, canonical, CWE-17, nessus, exploit available, metasploit

Summary

The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.

Vulnerable Configurations

Part         Description  Count
OS           Redhat       3
OS           Novell       3
OS           Canonical    3
Application  Samba        87

Common Weakness Enumeration (CWE)

Exploit-Db

description: Samba < 3.6.2 x86 - PoC. CVE-2015-0240. DoS exploit for linux platform
file: exploits/linux_x86/dos/36741.py
id: EDB-ID:36741
last seen: 2016-02-04
modified: 2015-04-13
platform: linux_x86
port:
published: 2015-04-13
reporter: sleepya
source: https://www.exploit-db.com/download/36741/
title: Samba < 3.6.2 x86 - PoC
type: dos

Metasploit

description: This module checks if a Samba target is vulnerable to an uninitialized variable creds vulnerability.
id: MSF:AUXILIARY/SCANNER/SMB/SMB_UNINIT_CRED
last seen: 2019-11-13
modified: 2019-03-05
published: 2015-03-05
references:
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/smb/smb_uninit_cred.rb
title: Samba _netr_ServerPasswordSet Uninitialized Credential State

Nessus

  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2015-083.NASL
    description: Multiple vulnerabilities have been discovered and corrected in samba4: Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation (CVE-2014-8143). An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user) (CVE-2015-0240). The updated packages provide a solution for these security issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 82336
    published: 2015-03-30
    reporter: This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/82336
    title: Mandriva Linux Security Advisory : samba4 (MDVSA-2015:083)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2015:083. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82336);
      script_version("1.7");
      script_cvs_date("Date: 2019/08/02 13:32:56");
    
      script_cve_id("CVE-2014-8143", "CVE-2015-0240");
      script_xref(name:"MDVSA", value:"2015:083");
    
      script_name(english:"Mandriva Linux Security Advisory : samba4 (MDVSA-2015:083)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities has been discovered and corrected in samba4 :
    
    Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before
    4.2rc4, when an Active Directory Domain Controller (AD DC) is
    configured, allows remote authenticated users to set the LDB
    userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain
    privileges, by leveraging delegation of authority for user-account or
    computer-account creation (CVE-2014-8143).
    
    An uninitialized pointer use flaw was found in the Samba daemon
    (smbd). A malicious Samba client could send specially crafted netlogon
    packets that, when processed by smbd, could potentially lead to
    arbitrary code execution with the privileges of the user running smbd
    (by default, the root user) (CVE-2015-0240).
    
    The updated packages provides a solution for these security issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.samba.org/samba/history/samba-4.1.15.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.samba.org/samba/history/samba-4.1.16.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.samba.org/samba/history/samba-4.1.17.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.samba.org/samba/security/CVE-2014-8143"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.samba.org/samba/security/CVE-2015-0240"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64samba4-dc0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64samba4-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64samba4-smbclient-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64samba4-smbclient0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64samba4-test-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64samba4-test0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64samba4-wbclient-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64samba4-wbclient0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64samba41");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python-samba4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba4-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba4-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba4-dc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba4-pidl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba4-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba4-vfs-glusterfs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba4-winbind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba4-winbind-clients");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba4-winbind-krb5-locator");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba4-winbind-modules");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/03/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64samba4-dc0-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64samba4-devel-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64samba4-smbclient-devel-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64samba4-smbclient0-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64samba4-test-devel-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64samba4-test0-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64samba4-wbclient-devel-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64samba4-wbclient0-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64samba41-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"python-samba4-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"samba4-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"samba4-client-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"samba4-common-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"samba4-dc-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", reference:"samba4-pidl-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"samba4-test-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"samba4-vfs-glusterfs-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"samba4-winbind-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"samba4-winbind-clients-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"samba4-winbind-krb5-locator-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"samba4-winbind-modules-4.1.17-1.mbs2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2015-0253.NASL
    description: Updated samba3x packages that fix one security issue are now available for Red Hat Enterprise Linux 5.6 Long Life and Red Hat Enterprise Linux 5.9 Extended Update Support. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81472
    published: 2015-02-24
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81472
    title: RHEL 5 : samba3x (RHSA-2015:0253)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2015:0253. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(81472);
      script_version("1.18");
      script_cvs_date("Date: 2019/10/24 15:35:39");
    
      script_cve_id("CVE-2015-0240");
      script_bugtraq_id(72711);
      script_xref(name:"RHSA", value:"2015:0253");
    
      script_name(english:"RHEL 5 : samba3x (RHSA-2015:0253)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated samba3x packages that fix one security issue are now available
    for Red Hat Enterprise Linux 5.6 Long Life and Red Hat Enterprise
    Linux 5.9 Extended Update Support.
    
    Red Hat Product Security has rated this update as having Critical
    security impact. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available from the
    CVE link in the References section.
    
    Samba is an open source implementation of the Server Message Block
    (SMB) or Common Internet File System (CIFS) protocol, which allows
    PC-compatible machines to share files, printers, and other
    information.
    
    An uninitialized pointer use flaw was found in the Samba daemon
    (smbd). A malicious Samba client could send specially crafted netlogon
    packets that, when processed by smbd, could potentially lead to
    arbitrary code execution with the privileges of the user running smbd
    (by default, the root user). (CVE-2015-0240)
    
    For additional information about this flaw, see the Knowledgebase
    article at https://access.redhat.com/articles/1346913
    
    Red Hat would like to thank the Samba project for reporting this
    issue. Upstream acknowledges Richard van Eeden of Microsoft
    Vulnerability Research as the original reporter of this issue.
    
    All Samba users are advised to upgrade to these updated packages,
    which contain a backported patch to correct this issue. After
    installing this update, the smb service will be restarted
    automatically."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/articles/1346913"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2015:0253"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0240"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba3x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba3x-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba3x-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba3x-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba3x-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba3x-domainjoin-gui");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba3x-swat");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba3x-winbind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba3x-winbind-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.9");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/02/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^(5\.6|5\.9)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.6 / 5.9", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2015:0253";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      sp = get_kb_item("Host/RedHat/minor_release");
      if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    
      flag = 0;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"samba3x-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"i386", reference:"samba3x-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"s390x", reference:"samba3x-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"samba3x-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"x86_64", reference:"samba3x-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"samba3x-client-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"i386", reference:"samba3x-client-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"s390x", reference:"samba3x-client-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"samba3x-client-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"x86_64", reference:"samba3x-client-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"samba3x-common-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"i386", reference:"samba3x-common-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"s390x", reference:"samba3x-common-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"samba3x-common-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"x86_64", reference:"samba3x-common-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", reference:"samba3x-debuginfo-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"samba3x-debuginfo-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"samba3x-debuginfo-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"samba3x-doc-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"i386", reference:"samba3x-doc-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"s390x", reference:"samba3x-doc-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"samba3x-doc-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"x86_64", reference:"samba3x-doc-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"samba3x-domainjoin-gui-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"i386", reference:"samba3x-domainjoin-gui-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"s390x", reference:"samba3x-domainjoin-gui-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"samba3x-domainjoin-gui-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"x86_64", reference:"samba3x-domainjoin-gui-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"samba3x-swat-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"i386", reference:"samba3x-swat-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"s390x", reference:"samba3x-swat-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"samba3x-swat-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"x86_64", reference:"samba3x-swat-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", reference:"samba3x-winbind-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"samba3x-winbind-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"samba3x-winbind-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", reference:"samba3x-winbind-devel-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"samba3x-winbind-devel-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"samba3x-winbind-devel-3.5.4-0.70.el5_6.4")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba3x / samba3x-client / samba3x-common / samba3x-debuginfo / etc");
      }
    }
    
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20150223_SAMBA_ON_SL6_X.NASL
    description: An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) After installing this update, the smb service will be restarted automatically.
    last seen: 2020-03-18
    modified: 2015-02-24
    plugin id: 81478
    published: 2015-02-24
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81478
    title: Scientific Linux Security Update : samba on SL6.x, SL7.x i386/x86_64 (20150223)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2015-2538.NASL
    description: Update to Samba 4.1.17 to address CVE-2015-0240 - RCE in netlogon. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2015-02-26
    plugin id: 81533
    published: 2015-02-26
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/81533
    title: Fedora 21 : samba-4.1.17-1.fc21 (2015-2538)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2015-0251.NASL
    description: Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81442
    published: 2015-02-24
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81442
    title: CentOS 6 : samba (CESA-2015:0251)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2015-0353-1.NASL
    description: samba was updated to fix one security issue. This security issue was fixed : - CVE-2015-0240: Don
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 83687
    published: 2015-05-20
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83687
    title: SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2015:0353-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_SAMBA-20150217-150217.NASL
    description: Samba has been updated to fix one security issue : - Don
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81508
    published: 2015-02-25
    reporter: This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/81508
    title: SuSE 11.3 Security Update : Samba (SAT Patch Number 10321)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2015-0250.NASL
    description: Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81441
    published: 2015-02-24
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81441
    title: CentOS 6 : samba4 (CESA-2015:0250)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2015-0255.NASL
    description: Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6.4 and 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81474
    published: 2015-02-24
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81474
    title: RHEL 6 : samba4 (RHSA-2015:0255)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-082.NASL
    descriptionUpdated samba packages fix security vulnerabilities : In Samba before 3.6.23, the SAMR server neglects to ensure that attempted password changes will update the bad password count, and does not set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. This is available without any other authentication (CVE-2013-4496). Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled (CVE-2014-0178). Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a denial of service on the nmbd NetBIOS name services daemon. A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS name service (CVE-2014-0244). Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected by a denial of service crash involving overwriting memory on an authenticated connection to the smbd file server (CVE-2014-3493). An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user) (CVE-2015-0240).
    last seen2020-06-01
    modified2020-06-02
    plugin id82335
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82335
    titleMandriva Linux Security Advisory : samba (MDVSA-2015:082)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0251.NASL
    descriptionUpdated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id81470
    published2015-02-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81470
    titleRHEL 6 : samba (RHSA-2015:0251)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-2519.NASL
    descriptionUpdate to Samba 4.1.17 to address CVE-2015-0240 - RCE in netlogon. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-02-26
    plugin id81532
    published2015-02-26
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/81532
    titleFedora 20 : samba-4.1.17-1.fc20 (2015-2519)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150223_SAMBA_ON_SL7_X.NASL
    descriptionAn uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) After installing this update, the smb service will be restarted automatically.
    last seen2020-03-18
    modified2015-02-24
    plugin id81479
    published2015-02-24
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81479
    titleScientific Linux Security Update : samba on SL7.x x86_64 (20150223)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150223_SAMBA4_ON_SL6_X.NASL
    descriptionAn uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) After installing this update, the smb service will be restarted automatically.
    last seen2020-03-18
    modified2015-02-24
    plugin id81476
    published2015-02-24
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81476
    titleScientific Linux Security Update : samba4 on SL6.x i386/x86_64 (20150223)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150223_SAMBA_ON_SL5_X.NASL
    descriptionAn uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) After installing this update, the smb service will be restarted automatically.
    last seen2020-03-18
    modified2015-02-24
    plugin id81477
    published2015-02-24
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81477
    titleScientific Linux Security Update : samba on SL5.x i386 (20150223)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0252.NASL
    descriptionUpdated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id81471
    published2015-02-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81471
    titleRHEL 7 : samba (RHSA-2015:0252)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-0249.NASL
    descriptionFrom Red Hat Security Advisory 2015:0249 : Updated samba3x packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id81464
    published2015-02-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81464
    titleOracle Linux 5 : samba3x (ELSA-2015-0249)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2015-064-01.NASL
    descriptionNew samba packages are available for Slackware 14.1 and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id81653
    published2015-03-06
    reporterThis script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/81653
    titleSlackware 14.1 / current : samba (SSA:2015-064-01)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-462.NASL
    descriptionsamba was updated to version 4.2.4 to fix 14 security issues. These security issues were fixed : - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP connections were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation was missing (bsc#973034). - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036). - CVE-2016-2118:
    last seen2020-06-05
    modified2016-04-18
    plugin id90558
    published2016-04-18
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90558
    titleopenSUSE Security Update : samba (openSUSE-2016-462) (Badlock)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-490.NASL
    descriptionThis update fixes these security vulnerabilities : - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP connections were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation was missing (bsc#973034). - CVE-2016-2114:
    last seen2020-06-05
    modified2016-04-21
    plugin id90609
    published2016-04-21
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90609
    titleopenSUSE Security Update : samba (openSUSE-2016-490) (Badlock)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-0252.NASL
    descriptionUpdated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id81443
    published2015-02-24
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81443
    titleCentOS 7 : samba (CESA-2015:0252)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-156.NASL
    descriptionRichard van Eeden of Microsoft Vulnerability Research discovered that Samba, a SMB/CIFS file, print, and login server for Unix, contains a flaw in the netlogon server code which allows remote code execution with root privileges from an unauthenticated connection. For the oldstable distribution (squeeze), this problem has been fixed in version 2:3.5.6~dfsg-3squeeze12. For the stable distribution (wheezy), this problem has been fixed in version 2:3.6.6-6+deb7u5. We recommend that you upgrade your samba packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2015-03-26
    plugin id82139
    published2015-03-26
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82139
    titleDebian DLA-156-1 : samba security update
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-0251.NASL
    descriptionFrom Red Hat Security Advisory 2015:0251 : Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id81466
    published2015-02-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81466
    titleOracle Linux 6 : samba (ELSA-2015-0251)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0256.NASL
    descriptionUpdated samba packages that fix one security issue are now available for Red Hat Storage 3. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id81475
    published2015-02-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81475
    titleRHEL 6 : Storage Server (RHSA-2015:0256)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0249.NASL
    descriptionUpdated samba3x packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id81468
    published2015-02-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81468
    titleRHEL 5 : samba3x (RHSA-2015:0249)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_996C219CBBB111E488AED050992ECDE8.NASL
    descriptionSamba development team reports : All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an unexpected code execution vulnerability in the smbd file server daemon. A malicious client could send packets that may set up the stack in such a way that the freeing of memory in a subsequent anonymous netlogon packet could allow execution of arbitrary code. This code would execute with root privileges.
    last seen2020-06-01
    modified2020-06-02
    plugin id81463
    published2015-02-24
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81463
    titleFreeBSD : samba -- Unexpected code execution in smbd (996c219c-bbb1-11e4-88ae-d050992ecde8)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201502-15.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201502-15 (Samba: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, bypass intended file restrictions, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id81536
    published2015-02-26
    reporterThis script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/81536
    titleGLSA-201502-15 : Samba: Multiple vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-081.NASL
    descriptionUpdated samba packages fix security vulnerabilities : An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user) (CVE-2015-0240).
    last seen2020-06-01
    modified2020-06-02
    plugin id82334
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82334
    titleMandriva Linux Security Advisory : samba (MDVSA-2015:081)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0250.NASL
    descriptionUpdated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id81469
    published2015-02-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81469
    titleRHEL 6 : samba4 (RHSA-2015:0250)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0254.NASL
    descriptionUpdated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise Linux 6.4 and 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id81473
    published2015-02-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81473
    titleRHEL 6 : samba (RHSA-2015:0254)
  • NASL familyMisc.
    NASL idSAMBA_4_1_17.NASL
    descriptionAccording to its banner, the version of Samba running on the remote host is 3.5.x prior to 3.5.22, 3.6.x prior to 3.6.25, 4.0.x prior to 4.0.25, or 4.1.x prior to 4.1.17. It is, therefore, affected by a remote code execution vulnerability in the TALLOC_FREE() function of
    last seen2020-06-01
    modified2020-06-02
    plugin id81485
    published2015-02-24
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/81485
    titleSamba 3.5.x < 3.5.22 / 3.6.x < 3.6.25 / 4.0.x < 4.0.25 / 4.1.x < 4.1.17 TALLOC_FREE() RCE
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-0249.NASL
    descriptionUpdated samba3x packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id81440
    published2015-02-24
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81440
    titleCentOS 5 : samba3x (CESA-2015:0249)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-179.NASL
    descriptionsamba was updated to fix two security issues. These security issues were fixed : - CVE-2015-0240: Ensure we don
    last seen2020-06-05
    modified2015-02-27
    plugin id81561
    published2015-02-27
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/81561
    titleopenSUSE Security Update : samba (openSUSE-2015-179)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-0252.NASL
    descriptionFrom Red Hat Security Advisory 2015:0252 : Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id81467
    published2015-02-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81467
    titleOracle Linux 7 : samba (ELSA-2015-0252)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2508-1.NASL
    descriptionRichard van Eeden discovered that the Samba smbd file services incorrectly handled memory. A remote attacker could use this issue to possibly execute arbitrary code with root privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id81483
    published2015-02-24
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81483
    titleUbuntu 12.04 LTS / 14.04 LTS / 14.10 : samba vulnerability (USN-2508-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3171.NASL
    descriptionRichard van Eeden of Microsoft Vulnerability Research discovered that Samba, a SMB/CIFS file, print, and login server for Unix, contains a flaw in the netlogon server code which allows remote code execution with root privileges from an unauthenticated connection.
    last seen2020-03-17
    modified2015-02-24
    plugin id81450
    published2015-02-24
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81450
    titleDebian DSA-3171-1 : samba - security update
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-0250.NASL
    descriptionFrom Red Hat Security Advisory 2015:0250 : Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id81465
    published2015-02-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81465
    titleOracle Linux 6 : samba4 (ELSA-2015-0250)

Redhat

advisories
  • bugzilla
    id1191325
    titleCVE-2015-0240 samba: talloc free on uninitialized stack pointer in netlogon server could lead to remote-code execution
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentsamba3x is earlier than 0:3.6.23-9.el5_11
            ovaloval:com.redhat.rhsa:tst:20150249001
          • commentsamba3x is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20110054004
        • AND
          • commentsamba3x-client is earlier than 0:3.6.23-9.el5_11
            ovaloval:com.redhat.rhsa:tst:20150249003
          • commentsamba3x-client is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20110054006
        • AND
          • commentsamba3x-winbind is earlier than 0:3.6.23-9.el5_11
            ovaloval:com.redhat.rhsa:tst:20150249005
          • commentsamba3x-winbind is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20110054014
        • AND
          • commentsamba3x-domainjoin-gui is earlier than 0:3.6.23-9.el5_11
            ovaloval:com.redhat.rhsa:tst:20150249007
          • commentsamba3x-domainjoin-gui is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20110054010
        • AND
          • commentsamba3x-swat is earlier than 0:3.6.23-9.el5_11
            ovaloval:com.redhat.rhsa:tst:20150249009
          • commentsamba3x-swat is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20110054008
        • AND
          • commentsamba3x-winbind-devel is earlier than 0:3.6.23-9.el5_11
            ovaloval:com.redhat.rhsa:tst:20150249011
          • commentsamba3x-winbind-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20110054016
        • AND
          • commentsamba3x-common is earlier than 0:3.6.23-9.el5_11
            ovaloval:com.redhat.rhsa:tst:20150249013
          • commentsamba3x-common is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20110054002
        • AND
          • commentsamba3x-doc is earlier than 0:3.6.23-9.el5_11
            ovaloval:com.redhat.rhsa:tst:20150249015
          • commentsamba3x-doc is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20110054012
    rhsa
    idRHSA-2015:0249
    released2015-02-23
    severityCritical
    titleRHSA-2015:0249: samba3x security update (Critical)
  • bugzilla
    id1191325
    titleCVE-2015-0240 samba: talloc free on uninitialized stack pointer in netlogon server could lead to remote-code execution
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentsamba4-dc-libs is earlier than 0:4.0.0-66.el6_6.rc4
            ovaloval:com.redhat.rhsa:tst:20150250001
          • commentsamba4-dc-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130506004
        • AND
          • commentsamba4-pidl is earlier than 0:4.0.0-66.el6_6.rc4
            ovaloval:com.redhat.rhsa:tst:20150250003
          • commentsamba4-pidl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130506008
        • AND
          • commentsamba4-client is earlier than 0:4.0.0-66.el6_6.rc4
            ovaloval:com.redhat.rhsa:tst:20150250005
          • commentsamba4-client is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130506002
        • AND
          • commentsamba4 is earlier than 0:4.0.0-66.el6_6.rc4
            ovaloval:com.redhat.rhsa:tst:20150250007
          • commentsamba4 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130506006
        • AND
          • commentsamba4-devel is earlier than 0:4.0.0-66.el6_6.rc4
            ovaloval:com.redhat.rhsa:tst:20150250009
          • commentsamba4-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130506020
        • AND
          • commentsamba4-dc is earlier than 0:4.0.0-66.el6_6.rc4
            ovaloval:com.redhat.rhsa:tst:20150250011
          • commentsamba4-dc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130506016
        • AND
          • commentsamba4-winbind-krb5-locator is earlier than 0:4.0.0-66.el6_6.rc4
            ovaloval:com.redhat.rhsa:tst:20150250013
          • commentsamba4-winbind-krb5-locator is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130506018
        • AND
          • commentsamba4-libs is earlier than 0:4.0.0-66.el6_6.rc4
            ovaloval:com.redhat.rhsa:tst:20150250015
          • commentsamba4-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130506014
        • AND
          • commentsamba4-python is earlier than 0:4.0.0-66.el6_6.rc4
            ovaloval:com.redhat.rhsa:tst:20150250017
          • commentsamba4-python is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130506024
        • AND
          • commentsamba4-test is earlier than 0:4.0.0-66.el6_6.rc4
            ovaloval:com.redhat.rhsa:tst:20150250019
          • commentsamba4-test is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130506012
        • AND
          • commentsamba4-winbind is earlier than 0:4.0.0-66.el6_6.rc4
            ovaloval:com.redhat.rhsa:tst:20150250021
          • commentsamba4-winbind is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130506026
        • AND
          • commentsamba4-swat is earlier than 0:4.0.0-66.el6_6.rc4
            ovaloval:com.redhat.rhsa:tst:20150250023
          • commentsamba4-swat is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130506010
        • AND
          • commentsamba4-common is earlier than 0:4.0.0-66.el6_6.rc4
            ovaloval:com.redhat.rhsa:tst:20150250025
          • commentsamba4-common is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130506028
        • AND
          • commentsamba4-winbind-clients is earlier than 0:4.0.0-66.el6_6.rc4
            ovaloval:com.redhat.rhsa:tst:20150250027
          • commentsamba4-winbind-clients is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130506022
    rhsa
    idRHSA-2015:0250
    released2015-02-23
    severityCritical
    titleRHSA-2015:0250: samba4 security update (Critical)
  • bugzilla
    id1191325
    titleCVE-2015-0240 samba: talloc free on uninitialized stack pointer in netlogon server could lead to remote-code execution
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentsamba-winbind is earlier than 0:3.6.23-14.el6_6
            ovaloval:com.redhat.rhsa:tst:20150251001
          • commentsamba-winbind is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258010
        • AND
          • commentsamba-winbind-clients is earlier than 0:3.6.23-14.el6_6
            ovaloval:com.redhat.rhsa:tst:20150251003
          • commentsamba-winbind-clients is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258018
        • AND
          • commentsamba-client is earlier than 0:3.6.23-14.el6_6
            ovaloval:com.redhat.rhsa:tst:20150251005
          • commentsamba-client is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258014
        • AND
          • commentsamba is earlier than 0:3.6.23-14.el6_6
            ovaloval:com.redhat.rhsa:tst:20150251007
          • commentsamba is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258022
        • AND
          • commentsamba-common is earlier than 0:3.6.23-14.el6_6
            ovaloval:com.redhat.rhsa:tst:20150251009
          • commentsamba-common is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258006
        • AND
          • commentlibsmbclient is earlier than 0:3.6.23-14.el6_6
            ovaloval:com.redhat.rhsa:tst:20150251011
          • commentlibsmbclient is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258012
        • AND
          • commentsamba-winbind-devel is earlier than 0:3.6.23-14.el6_6
            ovaloval:com.redhat.rhsa:tst:20150251013
          • commentsamba-winbind-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100860014
        • AND
          • commentsamba-domainjoin-gui is earlier than 0:3.6.23-14.el6_6
            ovaloval:com.redhat.rhsa:tst:20150251015
          • commentsamba-domainjoin-gui is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100860002
        • AND
          • commentsamba-swat is earlier than 0:3.6.23-14.el6_6
            ovaloval:com.redhat.rhsa:tst:20150251017
          • commentsamba-swat is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100860010
        • AND
          • commentlibsmbclient-devel is earlier than 0:3.6.23-14.el6_6
            ovaloval:com.redhat.rhsa:tst:20150251019
          • commentlibsmbclient-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258034
        • AND
          • commentsamba-doc is earlier than 0:3.6.23-14.el6_6
            ovaloval:com.redhat.rhsa:tst:20150251021
          • commentsamba-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100860008
        • AND
          • commentsamba-winbind-krb5-locator is earlier than 0:3.6.23-14.el6_6
            ovaloval:com.redhat.rhsa:tst:20150251023
          • commentsamba-winbind-krb5-locator is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258004
        • AND
          • commentsamba-glusterfs is earlier than 0:3.6.23-14.el6_6
            ovaloval:com.redhat.rhsa:tst:20150251025
          • commentsamba-glusterfs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150251026
    rhsa
    idRHSA-2015:0251
    released2015-02-23
    severityCritical
    titleRHSA-2015:0251: samba security update (Critical)
  • bugzilla
    id1191325
    titleCVE-2015-0240 samba: talloc free on uninitialized stack pointer in netlogon server could lead to remote-code execution
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentsamba-client is earlier than 0:4.1.1-38.el7_0
            ovaloval:com.redhat.rhsa:tst:20150252001
          • commentsamba-client is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258014
        • AND
          • commentsamba-common is earlier than 0:4.1.1-38.el7_0
            ovaloval:com.redhat.rhsa:tst:20150252003
          • commentsamba-common is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258006
        • AND
          • commentsamba is earlier than 0:4.1.1-38.el7_0
            ovaloval:com.redhat.rhsa:tst:20150252005
          • commentsamba is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258022
        • AND
          • commentlibsmbclient is earlier than 0:4.1.1-38.el7_0
            ovaloval:com.redhat.rhsa:tst:20150252007
          • commentlibsmbclient is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258012
        • AND
          • commentsamba-winbind is earlier than 0:4.1.1-38.el7_0
            ovaloval:com.redhat.rhsa:tst:20150252009
          • commentsamba-winbind is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258010
        • AND
          • commentlibwbclient is earlier than 0:4.1.1-38.el7_0
            ovaloval:com.redhat.rhsa:tst:20150252011
          • commentlibwbclient is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258016
        • AND
          • commentsamba-winbind-modules is earlier than 0:4.1.1-38.el7_0
            ovaloval:com.redhat.rhsa:tst:20150252013
          • commentsamba-winbind-modules is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258024
        • AND
          • commentsamba-libs is earlier than 0:4.1.1-38.el7_0
            ovaloval:com.redhat.rhsa:tst:20150252015
          • commentsamba-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258008
        • AND
          • commentsamba-python is earlier than 0:4.1.1-38.el7_0
            ovaloval:com.redhat.rhsa:tst:20150252017
          • commentsamba-python is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258026
        • AND
          • commentsamba-devel is earlier than 0:4.1.1-38.el7_0
            ovaloval:com.redhat.rhsa:tst:20150252019
          • commentsamba-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258038
        • AND
          • commentlibwbclient-devel is earlier than 0:4.1.1-38.el7_0
            ovaloval:com.redhat.rhsa:tst:20150252021
          • commentlibwbclient-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258048
        • AND
          • commentsamba-winbind-clients is earlier than 0:4.1.1-38.el7_0
            ovaloval:com.redhat.rhsa:tst:20150252023
          • commentsamba-winbind-clients is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258018
        • AND
          • commentsamba-test is earlier than 0:4.1.1-38.el7_0
            ovaloval:com.redhat.rhsa:tst:20150252025
          • commentsamba-test is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258044
        • AND
          • commentsamba-dc is earlier than 0:4.1.1-38.el7_0
            ovaloval:com.redhat.rhsa:tst:20150252027
          • commentsamba-dc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258002
        • AND
          • commentsamba-dc-libs is earlier than 0:4.1.1-38.el7_0
            ovaloval:com.redhat.rhsa:tst:20150252029
          • commentsamba-dc-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258036
        • AND
          • commentsamba-test-devel is earlier than 0:4.1.1-38.el7_0
            ovaloval:com.redhat.rhsa:tst:20150252031
          • commentsamba-test-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258046
        • AND
          • commentsamba-winbind-krb5-locator is earlier than 0:4.1.1-38.el7_0
            ovaloval:com.redhat.rhsa:tst:20150252033
          • commentsamba-winbind-krb5-locator is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258004
        • AND
          • commentlibsmbclient-devel is earlier than 0:4.1.1-38.el7_0
            ovaloval:com.redhat.rhsa:tst:20150252035
          • commentlibsmbclient-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258034
        • AND
          • commentsamba-pidl is earlier than 0:4.1.1-38.el7_0
            ovaloval:com.redhat.rhsa:tst:20150252037
          • commentsamba-pidl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258032
        • AND
          • commentsamba-vfs-glusterfs is earlier than 0:4.1.1-38.el7_0
            ovaloval:com.redhat.rhsa:tst:20150252039
          • commentsamba-vfs-glusterfs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258042
    rhsa
    idRHSA-2015:0252
    released2015-02-23
    severityImportant
    titleRHSA-2015:0252: samba security update (Important)
  • rhsa
    idRHSA-2015:0253
  • rhsa
    idRHSA-2015:0254
  • rhsa
    idRHSA-2015:0255
  • rhsa
    idRHSA-2015:0256
  • rhsa
    idRHSA-2015:0257
rpms
  • samba3x-0:3.6.23-9.el5_11
  • samba3x-client-0:3.6.23-9.el5_11
  • samba3x-common-0:3.6.23-9.el5_11
  • samba3x-debuginfo-0:3.6.23-9.el5_11
  • samba3x-doc-0:3.6.23-9.el5_11
  • samba3x-domainjoin-gui-0:3.6.23-9.el5_11
  • samba3x-swat-0:3.6.23-9.el5_11
  • samba3x-winbind-0:3.6.23-9.el5_11
  • samba3x-winbind-devel-0:3.6.23-9.el5_11
  • samba4-0:4.0.0-66.el6_6.rc4
  • samba4-client-0:4.0.0-66.el6_6.rc4
  • samba4-common-0:4.0.0-66.el6_6.rc4
  • samba4-dc-0:4.0.0-66.el6_6.rc4
  • samba4-dc-libs-0:4.0.0-66.el6_6.rc4
  • samba4-debuginfo-0:4.0.0-66.el6_6.rc4
  • samba4-devel-0:4.0.0-66.el6_6.rc4
  • samba4-libs-0:4.0.0-66.el6_6.rc4
  • samba4-pidl-0:4.0.0-66.el6_6.rc4
  • samba4-python-0:4.0.0-66.el6_6.rc4
  • samba4-swat-0:4.0.0-66.el6_6.rc4
  • samba4-test-0:4.0.0-66.el6_6.rc4
  • samba4-winbind-0:4.0.0-66.el6_6.rc4
  • samba4-winbind-clients-0:4.0.0-66.el6_6.rc4
  • samba4-winbind-krb5-locator-0:4.0.0-66.el6_6.rc4
  • libsmbclient-0:3.6.23-14.el6_6
  • libsmbclient-devel-0:3.6.23-14.el6_6
  • samba-0:3.6.23-14.el6_6
  • samba-client-0:3.6.23-14.el6_6
  • samba-common-0:3.6.23-14.el6_6
  • samba-debuginfo-0:3.6.23-14.el6_6
  • samba-doc-0:3.6.23-14.el6_6
  • samba-domainjoin-gui-0:3.6.23-14.el6_6
  • samba-glusterfs-0:3.6.23-14.el6_6
  • samba-swat-0:3.6.23-14.el6_6
  • samba-winbind-0:3.6.23-14.el6_6
  • samba-winbind-clients-0:3.6.23-14.el6_6
  • samba-winbind-devel-0:3.6.23-14.el6_6
  • samba-winbind-krb5-locator-0:3.6.23-14.el6_6
  • libsmbclient-0:4.1.1-38.el7_0
  • libsmbclient-devel-0:4.1.1-38.el7_0
  • libwbclient-0:4.1.1-38.el7_0
  • libwbclient-devel-0:4.1.1-38.el7_0
  • samba-0:4.1.1-38.el7_0
  • samba-client-0:4.1.1-38.el7_0
  • samba-common-0:4.1.1-38.el7_0
  • samba-dc-0:4.1.1-38.el7_0
  • samba-dc-libs-0:4.1.1-38.el7_0
  • samba-debuginfo-0:4.1.1-38.el7_0
  • samba-devel-0:4.1.1-38.el7_0
  • samba-libs-0:4.1.1-38.el7_0
  • samba-pidl-0:4.1.1-38.el7_0
  • samba-python-0:4.1.1-38.el7_0
  • samba-test-0:4.1.1-38.el7_0
  • samba-test-devel-0:4.1.1-38.el7_0
  • samba-vfs-glusterfs-0:4.1.1-38.el7_0
  • samba-winbind-0:4.1.1-38.el7_0
  • samba-winbind-clients-0:4.1.1-38.el7_0
  • samba-winbind-krb5-locator-0:4.1.1-38.el7_0
  • samba-winbind-modules-0:4.1.1-38.el7_0
  • samba3x-0:3.5.4-0.70.el5_6.4
  • samba3x-0:3.6.6-0.131.el5_9
  • samba3x-client-0:3.5.4-0.70.el5_6.4
  • samba3x-client-0:3.6.6-0.131.el5_9
  • samba3x-common-0:3.5.4-0.70.el5_6.4
  • samba3x-common-0:3.6.6-0.131.el5_9
  • samba3x-debuginfo-0:3.5.4-0.70.el5_6.4
  • samba3x-debuginfo-0:3.6.6-0.131.el5_9
  • samba3x-doc-0:3.5.4-0.70.el5_6.4
  • samba3x-doc-0:3.6.6-0.131.el5_9
  • samba3x-domainjoin-gui-0:3.5.4-0.70.el5_6.4
  • samba3x-domainjoin-gui-0:3.6.6-0.131.el5_9
  • samba3x-swat-0:3.5.4-0.70.el5_6.4
  • samba3x-swat-0:3.6.6-0.131.el5_9
  • samba3x-winbind-0:3.5.4-0.70.el5_6.4
  • samba3x-winbind-0:3.6.6-0.131.el5_9
  • samba3x-winbind-devel-0:3.5.4-0.70.el5_6.4
  • samba3x-winbind-devel-0:3.6.6-0.131.el5_9
  • libsmbclient-0:3.5.10-119.el6_2
  • libsmbclient-0:3.6.9-151.el6_4.3
  • libsmbclient-0:3.6.9-171.el6_5
  • libsmbclient-devel-0:3.5.10-119.el6_2
  • libsmbclient-devel-0:3.6.9-151.el6_4.3
  • libsmbclient-devel-0:3.6.9-171.el6_5
  • samba-0:3.5.10-119.el6_2
  • samba-0:3.6.9-151.el6_4.3
  • samba-0:3.6.9-171.el6_5
  • samba-client-0:3.5.10-119.el6_2
  • samba-client-0:3.6.9-151.el6_4.3
  • samba-client-0:3.6.9-171.el6_5
  • samba-common-0:3.5.10-119.el6_2
  • samba-common-0:3.6.9-151.el6_4.3
  • samba-common-0:3.6.9-171.el6_5
  • samba-debuginfo-0:3.5.10-119.el6_2
  • samba-debuginfo-0:3.6.9-151.el6_4.3
  • samba-debuginfo-0:3.6.9-171.el6_5
  • samba-doc-0:3.5.10-119.el6_2
  • samba-doc-0:3.6.9-151.el6_4.3
  • samba-doc-0:3.6.9-171.el6_5
  • samba-domainjoin-gui-0:3.5.10-119.el6_2
  • samba-domainjoin-gui-0:3.6.9-151.el6_4.3
  • samba-domainjoin-gui-0:3.6.9-171.el6_5
  • samba-swat-0:3.5.10-119.el6_2
  • samba-swat-0:3.6.9-151.el6_4.3
  • samba-swat-0:3.6.9-171.el6_5
  • samba-winbind-0:3.5.10-119.el6_2
  • samba-winbind-0:3.6.9-151.el6_4.3
  • samba-winbind-0:3.6.9-171.el6_5
  • samba-winbind-clients-0:3.5.10-119.el6_2
  • samba-winbind-clients-0:3.6.9-151.el6_4.3
  • samba-winbind-clients-0:3.6.9-171.el6_5
  • samba-winbind-devel-0:3.5.10-119.el6_2
  • samba-winbind-devel-0:3.6.9-151.el6_4.3
  • samba-winbind-devel-0:3.6.9-171.el6_5
  • samba-winbind-krb5-locator-0:3.5.10-119.el6_2
  • samba-winbind-krb5-locator-0:3.6.9-151.el6_4.3
  • samba-winbind-krb5-locator-0:3.6.9-171.el6_5
  • samba4-0:4.0.0-57.el6_4.rc4
  • samba4-0:4.0.0-65.el6_5.rc4
  • samba4-client-0:4.0.0-57.el6_4.rc4
  • samba4-client-0:4.0.0-65.el6_5.rc4
  • samba4-common-0:4.0.0-57.el6_4.rc4
  • samba4-common-0:4.0.0-65.el6_5.rc4
  • samba4-dc-0:4.0.0-57.el6_4.rc4
  • samba4-dc-0:4.0.0-65.el6_5.rc4
  • samba4-dc-libs-0:4.0.0-57.el6_4.rc4
  • samba4-dc-libs-0:4.0.0-65.el6_5.rc4
  • samba4-debuginfo-0:4.0.0-57.el6_4.rc4
  • samba4-debuginfo-0:4.0.0-65.el6_5.rc4
  • samba4-devel-0:4.0.0-57.el6_4.rc4
  • samba4-devel-0:4.0.0-65.el6_5.rc4
  • samba4-libs-0:4.0.0-57.el6_4.rc4
  • samba4-libs-0:4.0.0-65.el6_5.rc4
  • samba4-pidl-0:4.0.0-57.el6_4.rc4
  • samba4-pidl-0:4.0.0-65.el6_5.rc4
  • samba4-python-0:4.0.0-57.el6_4.rc4
  • samba4-python-0:4.0.0-65.el6_5.rc4
  • samba4-swat-0:4.0.0-57.el6_4.rc4
  • samba4-swat-0:4.0.0-65.el6_5.rc4
  • samba4-test-0:4.0.0-57.el6_4.rc4
  • samba4-test-0:4.0.0-65.el6_5.rc4
  • samba4-winbind-0:4.0.0-57.el6_4.rc4
  • samba4-winbind-0:4.0.0-65.el6_5.rc4
  • samba4-winbind-clients-0:4.0.0-57.el6_4.rc4
  • samba4-winbind-clients-0:4.0.0-65.el6_5.rc4
  • samba4-winbind-krb5-locator-0:4.0.0-57.el6_4.rc4
  • samba4-winbind-krb5-locator-0:4.0.0-65.el6_5.rc4
  • libsmbclient-0:3.6.509-169.6.el6rhs
  • libsmbclient-devel-0:3.6.509-169.6.el6rhs
  • samba-0:3.6.509-169.6.el6rhs
  • samba-client-0:3.6.509-169.6.el6rhs
  • samba-common-0:3.6.509-169.6.el6rhs
  • samba-debuginfo-0:3.6.509-169.6.el6rhs
  • samba-doc-0:3.6.509-169.6.el6rhs
  • samba-domainjoin-gui-0:3.6.509-169.6.el6rhs
  • samba-glusterfs-0:3.6.509-169.6.el6rhs
  • samba-swat-0:3.6.509-169.6.el6rhs
  • samba-winbind-0:3.6.509-169.6.el6rhs
  • samba-winbind-clients-0:3.6.509-169.6.el6rhs
  • samba-winbind-devel-0:3.6.509-169.6.el6rhs
  • samba-winbind-krb5-locator-0:3.6.509-169.6.el6rhs
  • libsmbclient-0:3.6.9-167.10.3.el6rhs
  • libsmbclient-devel-0:3.6.9-167.10.3.el6rhs
  • samba-0:3.6.9-167.10.3.el6rhs
  • samba-client-0:3.6.9-167.10.3.el6rhs
  • samba-common-0:3.6.9-167.10.3.el6rhs
  • samba-debuginfo-0:3.6.9-167.10.3.el6rhs
  • samba-doc-0:3.6.9-167.10.3.el6rhs
  • samba-domainjoin-gui-0:3.6.9-167.10.3.el6rhs
  • samba-glusterfs-0:3.6.9-167.10.3.el6rhs
  • samba-swat-0:3.6.9-167.10.3.el6rhs
  • samba-winbind-0:3.6.9-167.10.3.el6rhs
  • samba-winbind-clients-0:3.6.9-167.10.3.el6rhs
  • samba-winbind-devel-0:3.6.9-167.10.3.el6rhs
  • samba-winbind-krb5-locator-0:3.6.9-167.10.3.el6rhs

Seebug

bulletinFamilyexploit
descriptionNo description provided by source.
idSSV:89724
last seen2017-11-19
modified2015-11-13
published2015-11-13
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-89724
titleSamba NetLogon Uninitialized Pointer Vulnerability (CVE-2015-0240)

The Hacker News

idTHN:EC707FA03C4266A554099062CA89FF0E
last seen2018-01-27
modified2015-02-24
published2015-02-24
reporterSwati Khandelwal
sourcehttps://thehackernews.com/2015/02/samba-service-hit-by-remote-code.html
titleSamba Service Hit By Remote Code Execution Vulnerability

References