Lucene search

K
cve[email protected]CVE-2015-0240
HistoryFeb 24, 2015 - 1:59 a.m.

CVE-2015-0240

2015-02-2401:59:00
CWE-17
web.nvd.nist.gov
189
cve-2015-0240
samba
remote code execution
netlogon
security vulnerability
nvd

8.3 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.

Affected configurations

NVD
Node
redhatenterprise_linuxMatch5
OR
redhatenterprise_linuxMatch6.0
OR
redhatenterprise_linuxMatch7.0
Node
sambasambaMatch3.5.0
OR
sambasambaMatch3.5.1
OR
sambasambaMatch3.5.2
OR
sambasambaMatch3.5.3
OR
sambasambaMatch3.5.4
OR
sambasambaMatch3.5.5
OR
sambasambaMatch3.5.6
OR
sambasambaMatch3.5.7
OR
sambasambaMatch3.5.8
OR
sambasambaMatch3.5.9
OR
sambasambaMatch3.5.10
OR
sambasambaMatch3.5.11
OR
sambasambaMatch3.5.12
OR
sambasambaMatch3.5.13
OR
sambasambaMatch3.5.14
OR
sambasambaMatch3.5.15
OR
sambasambaMatch3.5.16
OR
sambasambaMatch3.5.17
OR
sambasambaMatch3.5.18
OR
sambasambaMatch3.5.19
OR
sambasambaMatch3.5.20
OR
sambasambaMatch3.5.21
OR
sambasambaMatch3.5.22
OR
sambasambaMatch3.6.0
OR
sambasambaMatch3.6.1
OR
sambasambaMatch3.6.2
OR
sambasambaMatch3.6.10
OR
sambasambaMatch3.6.11
OR
sambasambaMatch3.6.12
OR
sambasambaMatch3.6.13
OR
sambasambaMatch3.6.14
OR
sambasambaMatch3.6.15
OR
sambasambaMatch3.6.16
OR
sambasambaMatch3.6.17
OR
sambasambaMatch3.6.18
OR
sambasambaMatch3.6.19
OR
sambasambaMatch3.6.20
OR
sambasambaMatch3.6.21
OR
sambasambaMatch3.6.22
OR
sambasambaMatch3.6.23
OR
sambasambaMatch3.6.24
OR
sambasambaMatch4.0.0
OR
sambasambaMatch4.0.1
OR
sambasambaMatch4.0.2
OR
sambasambaMatch4.0.3
OR
sambasambaMatch4.0.4
OR
sambasambaMatch4.0.5
OR
sambasambaMatch4.0.6
OR
sambasambaMatch4.0.7
OR
sambasambaMatch4.0.8
OR
sambasambaMatch4.0.9
OR
sambasambaMatch4.0.10
OR
sambasambaMatch4.0.11
OR
sambasambaMatch4.0.12
OR
sambasambaMatch4.0.13
OR
sambasambaMatch4.0.14
OR
sambasambaMatch4.0.15
OR
sambasambaMatch4.0.16
OR
sambasambaMatch4.0.17
OR
sambasambaMatch4.0.18
OR
sambasambaMatch4.0.19
OR
sambasambaMatch4.0.20
OR
sambasambaMatch4.0.21
OR
sambasambaMatch4.0.22
OR
sambasambaMatch4.0.23
OR
sambasambaMatch4.0.24
OR
sambasambaMatch4.1.0
OR
sambasambaMatch4.1.1
OR
sambasambaMatch4.1.2
OR
sambasambaMatch4.1.3
OR
sambasambaMatch4.1.4
OR
sambasambaMatch4.1.5
OR
sambasambaMatch4.1.6
OR
sambasambaMatch4.1.7
OR
sambasambaMatch4.1.8
OR
sambasambaMatch4.1.9
OR
sambasambaMatch4.1.10
OR
sambasambaMatch4.1.11
OR
sambasambaMatch4.1.12
OR
sambasambaMatch4.1.13
OR
sambasambaMatch4.1.14
OR
sambasambaMatch4.1.15
OR
sambasambaMatch4.1.16
OR
sambasambaMatch4.2.0rc1
OR
sambasambaMatch4.2.0rc2
OR
sambasambaMatch4.2.0rc3
OR
sambasambaMatch4.2.0rc4
Node
novellsuse_linux_enterprise_desktopMatch12
OR
novellsuse_linux_enterprise_serverMatch12
OR
novellsuse_linux_enterprise_software_development_kitMatch12
Node
canonicalubuntu_linuxMatch12.04lts
OR
canonicalubuntu_linuxMatch14.04lts
OR
canonicalubuntu_linuxMatch14.10

References

8.3 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%