CVE-2015-0240 - Code vulnerability in multiple products
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.
Exploit-Db
description | Samba < 3.6.2 x86 - PoC. CVE-2015-0240. Dos exploit for linux platform |
file | exploits/linux_x86/dos/36741.py |
id | EDB-ID:36741 |
last seen | 2016-02-04 |
modified | 2015-04-13 |
platform | linux_x86 |
port | |
published | 2015-04-13 |
reporter | sleepya |
source | https://www.exploit-db.com/download/36741/ |
title | Samba < 3.6.2 x86 - PoC |
type | dos |
Metasploit
description | This module checks if a Samba target is vulnerable to an uninitialized variable creds vulnerability. |
id | MSF:AUXILIARY/SCANNER/SMB/SMB_UNINIT_CRED |
last seen | 2019-11-13 |
modified | 2019-03-05 |
published | 2015-03-05 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/smb/smb_uninit_cred.rb |
title | Samba _netr_ServerPasswordSet Uninitialized Credential State |
Nessus
NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2015-083.NASL |
description | Multiple vulnerabilities have been discovered and corrected in samba4 : Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation (CVE-2014-8143). An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user) (CVE-2015-0240). The updated packages provide a solution for these security issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 82336 |
published | 2015-03-30 |
reporter | This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/82336 |
title | Mandriva Linux Security Advisory : samba4 (MDVSA-2015:083) |
code |

    #%NASL_MIN_LEVEL 80502

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Mandriva Linux Security Advisory MDVSA-2015:083.
    # The text itself is copyright (C) Mandriva S.A.
    #

    include("compat.inc");

    if (description)
    {
      script_id(82336);
      script_version("1.7");
      script_cvs_date("Date: 2019/08/02 13:32:56");

      script_cve_id("CVE-2014-8143", "CVE-2015-0240");
      script_xref(name:"MDVSA", value:"2015:083");

      script_name(english:"Mandriva Linux Security Advisory : samba4 (MDVSA-2015:083)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Mandriva Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Multiple vulnerabilities has been discovered and corrected in samba4 : Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation (CVE-2014-8143). An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user) (CVE-2015-0240). The updated packages provides a solution for these security issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.samba.org/samba/history/samba-4.1.15.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.samba.org/samba/history/samba-4.1.16.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.samba.org/samba/history/samba-4.1.17.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.samba.org/samba/security/CVE-2014-8143"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.samba.org/samba/security/CVE-2015-0240"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64samba4-dc0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64samba4-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64samba4-smbclient-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64samba4-smbclient0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64samba4-test-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64samba4-test0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64samba4-wbclient-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64samba4-wbclient0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64samba41");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python-samba4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba4-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba4-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba4-dc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba4-pidl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba4-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba4-vfs-glusterfs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba4-winbind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba4-winbind-clients");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba4-winbind-krb5-locator");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba4-winbind-modules");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:2");

      script_set_attribute(attribute:"patch_publication_date", value:"2015/03/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/30");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

    flag = 0;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64samba4-dc0-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64samba4-devel-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64samba4-smbclient-devel-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64samba4-smbclient0-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64samba4-test-devel-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64samba4-test0-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64samba4-wbclient-devel-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64samba4-wbclient0-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64samba41-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"python-samba4-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"samba4-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"samba4-client-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"samba4-common-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"samba4-dc-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", reference:"samba4-pidl-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"samba4-test-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"samba4-vfs-glusterfs-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"samba4-winbind-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"samba4-winbind-clients-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"samba4-winbind-krb5-locator-4.1.17-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"samba4-winbind-modules-4.1.17-1.mbs2")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2015-0253.NASL |
description | Updated samba3x packages that fix one security issue are now available for Red Hat Enterprise Linux 5.6 Long Life and Red Hat Enterprise Linux 5.9 Extended Update Support. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 81472 |
published | 2015-02-24 |
reporter | This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/81472 |
title | RHEL 5 : samba3x (RHSA-2015:0253) |
code |

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2015:0253. The text
    # itself is copyright (C) Red Hat, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(81472);
      script_version("1.18");
      script_cvs_date("Date: 2019/10/24 15:35:39");

      script_cve_id("CVE-2015-0240");
      script_bugtraq_id(72711);
      script_xref(name:"RHSA", value:"2015:0253");

      script_name(english:"RHEL 5 : samba3x (RHSA-2015:0253)");
      script_summary(english:"Checks the rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Updated samba3x packages that fix one security issue are now available for Red Hat Enterprise Linux 5.6 Long Life and Red Hat Enterprise Linux 5.9 Extended Update Support. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/articles/1346913"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2015:0253"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-0240"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba3x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba3x-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba3x-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba3x-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba3x-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba3x-domainjoin-gui");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba3x-swat");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba3x-winbind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba3x-winbind-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.9");

      script_set_attribute(attribute:"patch_publication_date", value:"2015/02/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/24");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^(5\.6|5\.9)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.6 / 5.9", "Red Hat " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo))
    {
      rhsa = "RHSA-2015:0253";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      sp = get_kb_item("Host/RedHat/minor_release");
      if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");

      flag = 0;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"samba3x-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"i386", reference:"samba3x-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"s390x", reference:"samba3x-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"samba3x-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"x86_64", reference:"samba3x-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"samba3x-client-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"i386", reference:"samba3x-client-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"s390x", reference:"samba3x-client-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"samba3x-client-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"x86_64", reference:"samba3x-client-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"samba3x-common-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"i386", reference:"samba3x-common-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"s390x", reference:"samba3x-common-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"samba3x-common-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"x86_64", reference:"samba3x-common-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", reference:"samba3x-debuginfo-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"samba3x-debuginfo-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"samba3x-debuginfo-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"samba3x-doc-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"i386", reference:"samba3x-doc-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"s390x", reference:"samba3x-doc-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"samba3x-doc-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"x86_64", reference:"samba3x-doc-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"samba3x-domainjoin-gui-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"i386", reference:"samba3x-domainjoin-gui-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"s390x", reference:"samba3x-domainjoin-gui-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"samba3x-domainjoin-gui-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"x86_64", reference:"samba3x-domainjoin-gui-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"samba3x-swat-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"i386", reference:"samba3x-swat-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"s390x", reference:"samba3x-swat-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"samba3x-swat-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"x86_64", reference:"samba3x-swat-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", reference:"samba3x-winbind-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"samba3x-winbind-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"samba3x-winbind-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", reference:"samba3x-winbind-devel-3.6.6-0.131.el5_9")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"samba3x-winbind-devel-3.5.4-0.70.el5_6.4")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"samba3x-winbind-devel-3.5.4-0.70.el5_6.4")) flag++;

      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba3x / samba3x-client / samba3x-common / samba3x-debuginfo / etc");
      }
    }

NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20150223_SAMBA_ON_SL6_X.NASL |
description | An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) After installing this update, the smb service will be restarted automatically. |
last seen | 2020-03-18 |
modified | 2015-02-24 |
plugin id | 81478 |
published | 2015-02-24 |
reporter | This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/81478 |
title | Scientific Linux Security Update : samba on SL6.x, SL7.x i386/x86_64 (20150223) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2015-2538.NASL |
description | Update to Samba 4.1.17 to address CVE-2015-0240 - RCE in netlogon. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-05 |
modified | 2015-02-26 |
plugin id | 81533 |
published | 2015-02-26 |
reporter | This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/81533 |
title | Fedora 21 : samba-4.1.17-1.fc21 (2015-2538) |

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2015-0251.NASL |
description | Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 81442 |
published | 2015-02-24 |
reporter | This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/81442 |
title | CentOS 6 : samba (CESA-2015:0251) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SU-2015-0353-1.NASL |
description | samba was updated to fix one security issue. This security issue was fixed : - CVE-2015-0240: Don |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 83687 |
published | 2015-05-20 |
reporter | This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/83687 |
title | SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2015:0353-1) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_SAMBA-20150217-150217.NASL |
description | Samba has been updated to fix one security issue : - Don |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 81508 |
published | 2015-02-25 |
reporter | This script is Copyright (C) 2015-2016 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/81508 |
title | SuSE 11.3 Security Update : Samba (SAT Patch Number 10321) |

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2015-0250.NASL |
description | Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 81441 |
published | 2015-02-24 |
reporter | This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/81441 |
title | CentOS 6 : samba4 (CESA-2015:0250) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2015-0255.NASL |
description | Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6.4 and 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 81474 |
published | 2015-02-24 |
reporter | This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/81474 |
title | RHEL 6 : samba4 (RHSA-2015:0255) |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2015-082.NASL |
description | Updated samba packages fix security vulnerabilities : In Samba before 3.6.23, the SAMR server neglects to ensure that attempted password changes will update the bad password count, and does not set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. This is available without any other authentication (CVE-2013-4496). Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled (CVE-2014-0178). Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a denial of service on the nmbd NetBIOS name services daemon. A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS name service (CVE-2014-0244). Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected by a denial of service crash involving overwriting memory on an authenticated connection to the smbd file server (CVE-2014-3493). An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user) (CVE-2015-0240). |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 82335 |
published | 2015-03-30 |
reporter | This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/82335 |
title | Mandriva Linux Security Advisory : samba (MDVSA-2015:082) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2015-0251.NASL |
description | Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 81470 |
published | 2015-02-24 |
reporter | This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/81470 |
title | RHEL 6 : samba (RHSA-2015:0251) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2015-2519.NASL |
description | Update to Samba 4.1.17 to address CVE-2015-0240 - RCE in netlogon. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-05 |
modified | 2015-02-26 |
plugin id | 81532 |
published | 2015-02-26 |
reporter | This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/81532 |
title | Fedora 20 : samba-4.1.17-1.fc20 (2015-2519) |

NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20150223_SAMBA_ON_SL7_X.NASL |
description | An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) After installing this update, the smb service will be restarted automatically. |
last seen | 2020-03-18 |
modified | 2015-02-24 |
plugin id | 81479 |
published | 2015-02-24 |
reporter | This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/81479 |
title | Scientific Linux Security Update : samba on SL7.x x86_64 (20150223) |

NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20150223_SAMBA4_ON_SL6_X.NASL |
description | An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) After installing this update, the smb service will be restarted automatically. |
last seen | 2020-03-18 |
modified | 2015-02-24 |
plugin id | 81476 |
published | 2015-02-24 |
reporter | This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source https://www.tenable.com/plugins/nessus/81476 title Scientific Linux Security Update : samba4 on SL6.x i386/x86_64 (20150223) NASL family Scientific Linux Local Security Checks NASL id SL_20150223_SAMBA_ON_SL5_X.NASL description An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) After installing this update, the smb service will be restarted automatically. last seen 2020-03-18 modified 2015-02-24 plugin id 81477 published 2015-02-24 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81477 title Scientific Linux Security Update : samba on SL5.x i386 (20150223) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-0252.NASL description Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). 
(CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 81471 published 2015-02-24 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81471 title RHEL 7 : samba (RHSA-2015:0252) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-0249.NASL description From Red Hat Security Advisory 2015:0249 : Updated samba3x packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. 
Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 81464 published 2015-02-24 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81464 title Oracle Linux 5 : samba3x (ELSA-2015-0249) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2015-064-01.NASL description New samba packages are available for Slackware 14.1 and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 81653 published 2015-03-06 reporter This script is Copyright (C) 2015-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81653 title Slackware 14.1 / current : samba (SSA:2015-064-01) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-462.NASL description samba was updated to version 4.2.4 to fix 14 security issues. These security issues were fixed : - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP connections were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation was missing (bsc#973034). - CVE-2016-2115: Named pipe IPC was vulnerable to MITM attacks (bsc#973036). - CVE-2016-2118: last seen 2020-06-05 modified 2016-04-18 plugin id 90558 published 2016-04-18 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/90558 title openSUSE Security Update : samba (openSUSE-2016-462) (Badlock) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-490.NASL description This update fixes these security vulnerabilities : - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP connections were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation was missing (bsc#973034). - CVE-2016-2114: last seen 2020-06-05 modified 2016-04-21 plugin id 90609 published 2016-04-21 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/90609 title openSUSE Security Update : samba (openSUSE-2016-490) (Badlock) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-0252.NASL description Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user).
(CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 81443 published 2015-02-24 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81443 title CentOS 7 : samba (CESA-2015:0252) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-156.NASL description Richard van Eeden of Microsoft Vulnerability Research discovered that Samba, a SMB/CIFS file, print, and login server for Unix, contains a flaw in the netlogon server code which allows remote code execution with root privileges from an unauthenticated connection. For the oldstable distribution (squeeze), this problem has been fixed in version 2:3.5.6~dfsg-3squeeze12. For the stable distribution (wheezy), this problem has been fixed in version 2:3.6.6-6+deb7u5. We recommend that you upgrade your samba packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-03-26 plugin id 82139 published 2015-03-26 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/82139 title Debian DLA-156-1 : samba security update NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-0251.NASL description From Red Hat Security Advisory 2015:0251 : Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 81466 published 2015-02-24 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/81466 title Oracle Linux 6 : samba (ELSA-2015-0251) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-0256.NASL description Updated samba packages that fix one security issue are now available for Red Hat Storage 3. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 81475 published 2015-02-24 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/81475 title RHEL 6 : Storage Server (RHSA-2015:0256) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-0249.NASL description Updated samba3x packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 81468 published 2015-02-24 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/81468 title RHEL 5 : samba3x (RHSA-2015:0249) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_996C219CBBB111E488AED050992ECDE8.NASL description Samba development team reports : All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an unexpected code execution vulnerability in the smbd file server daemon. A malicious client could send packets that may set up the stack in such a way that the freeing of memory in a subsequent anonymous netlogon packet could allow execution of arbitrary code. This code would execute with root privileges. last seen 2020-06-01 modified 2020-06-02 plugin id 81463 published 2015-02-24 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81463 title FreeBSD : samba -- Unexpected code execution in smbd (996c219c-bbb1-11e4-88ae-d050992ecde8) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201502-15.NASL description The remote host is affected by the vulnerability described in GLSA-201502-15 (Samba: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, bypass intended file restrictions, or obtain sensitive information. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 81536 published 2015-02-26 reporter This script is Copyright (C) 2015-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81536 title GLSA-201502-15 : Samba: Multiple vulnerabilities NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-081.NASL description Updated samba packages fix security vulnerabilities : An uninitialized pointer use flaw was found in the Samba daemon (smbd). 
A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user) (CVE-2015-0240). last seen 2020-06-01 modified 2020-06-02 plugin id 82334 published 2015-03-30 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82334 title Mandriva Linux Security Advisory : samba (MDVSA-2015:081) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-0250.NASL description Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically. 
last seen 2020-06-01 modified 2020-06-02 plugin id 81469 published 2015-02-24 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81469 title RHEL 6 : samba4 (RHSA-2015:0250) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-0254.NASL description Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise Linux 6.4 and 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 81473 published 2015-02-24 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81473 title RHEL 6 : samba (RHSA-2015:0254) NASL family Misc. NASL id SAMBA_4_1_17.NASL description According to its banner, the version of Samba running on the remote host is 3.5.x prior to 3.5.22, 3.6.x prior to 3.6.25, 4.0.x prior to 4.0.25, or 4.1.x prior to 4.1.17. It is, therefore, affected by a remote code execution vulnerability in the TALLOC_FREE() function of last seen 2020-06-01 modified 2020-06-02 plugin id 81485 published 2015-02-24 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81485 title Samba 3.5.x < 3.5.22 / 3.6.x < 3.6.25 / 4.0.x < 4.0.25 / 4.1.x < 4.1.17 TALLOC_FREE() RCE NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-0249.NASL description Updated samba3x packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. 
Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 81440 published 2015-02-24 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81440 title CentOS 5 : samba3x (CESA-2015:0249) NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-179.NASL description samba was updated to fix two security issues. These security issues were fixed : - CVE-2015-0240: Ensure we don last seen 2020-06-05 modified 2015-02-27 plugin id 81561 published 2015-02-27 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81561 title openSUSE Security Update : samba (openSUSE-2015-179) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-0252.NASL description From Red Hat Security Advisory 2015:0252 : Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). 
A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 81467 |
published | 2015-02-24 |
reporter | This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/81467 |
title | Oracle Linux 7 : samba (ELSA-2015-0252) |
NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-2508-1.NASL |
description | Richard van Eeden discovered that the Samba smbd file services incorrectly handled memory. A remote attacker could use this issue to possibly execute arbitrary code with root privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 81483 |
published | 2015-02-24 |
reporter | Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/81483 |
title | Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : samba vulnerability (USN-2508-1) |
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-3171.NASL |
description | Richard van Eeden of Microsoft Vulnerability Research discovered that Samba, a SMB/CIFS file, print, and login server for Unix, contains a flaw in the netlogon server code which allows remote code execution with root privileges from an unauthenticated connection. |
last seen | 2020-03-17 |
modified | 2015-02-24 |
plugin id | 81450 |
published | 2015-02-24 |
reporter | This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/81450 |
title | Debian DSA-3171-1 : samba - security update |
NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2015-0250.NASL |
description | From Red Hat Security Advisory 2015:0250 : Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240) For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1346913 Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 81465 |
published | 2015-02-24 |
reporter | This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/81465 |
title | Oracle Linux 6 : samba4 (ELSA-2015-0250) |
Redhat
advisories |
rpms |
Seebug
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:89724 |
last seen | 2017-11-19 |
modified | 2015-11-13 |
published | 2015-11-13 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-89724 |
title | Samba NetLogon Uninitialized Pointer Vulnerability (CVE-2015-0240) |
The Hacker News
id | THN:EC707FA03C4266A554099062CA89FF0E |
last seen | 2018-01-27 |
modified | 2015-02-24 |
published | 2015-02-24 |
reporter | Swati Khandelwal |
source | https://thehackernews.com/2015/02/samba-service-hit-by-remote-code.html |
title | Samba Service Hit By Remote Code Execution Vulnerability |
References
- http://advisories.mageia.org/MGASA-2015-0084.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00030.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
- http://marc.info/?l=bugtraq&m=142722696102151&w=2
- http://marc.info/?l=bugtraq&m=143039217203031&w=2
- http://rhn.redhat.com/errata/RHSA-2015-0249.html
- http://rhn.redhat.com/errata/RHSA-2015-0250.html
- http://rhn.redhat.com/errata/RHSA-2015-0251.html
- http://rhn.redhat.com/errata/RHSA-2015-0252.html
- http://rhn.redhat.com/errata/RHSA-2015-0253.html
- http://rhn.redhat.com/errata/RHSA-2015-0254.html
- http://rhn.redhat.com/errata/RHSA-2015-0255.html
- http://rhn.redhat.com/errata/RHSA-2015-0256.html
- http://rhn.redhat.com/errata/RHSA-2015-0257.html
- http://security.gentoo.org/glsa/glsa-201502-15.xml
- http://www.debian.org/security/2015/dsa-3171
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:081
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:082
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
- http://www.securityfocus.com/bid/72711
- http://www.securitytracker.com/id/1031783
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.360345
- http://www.ubuntu.com/usn/USN-2508-1
- https://access.redhat.com/articles/1346913
- https://bugzilla.redhat.com/show_bug.cgi?id=1191325
- https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
- https://support.lenovo.com/product_security/samba_remote_vuln
- https://support.lenovo.com/us/en/product_security/samba_remote_vuln
- https://www.exploit-db.com/exploits/36741/
- https://www.samba.org/samba/security/CVE-2015-0240