Lucene search

[email protected]CVE-2015-0240

HistoryFeb 24, 2015 - 1:59 a.m.

CVE-2015-0240

2015-02-2401:59:00

CWE-17

[email protected]

web.nvd.nist.gov

196

cve-2015-0240

samba

remote code execution

netlogon

security vulnerability

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.3 High

AI Score

Confidence

High

0.974 High

EPSS

Percentile

99.9%

JSON

The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.

Affected configurations

NVD

Node

redhatenterprise_linuxMatch5

redhatenterprise_linuxMatch6.0

redhatenterprise_linuxMatch7.0

Node

sambasambaMatch3.5.0

sambasambaMatch3.5.1

sambasambaMatch3.5.2

sambasambaMatch3.5.3

sambasambaMatch3.5.4

sambasambaMatch3.5.5

sambasambaMatch3.5.6

sambasambaMatch3.5.7

sambasambaMatch3.5.8

sambasambaMatch3.5.9

sambasambaMatch3.5.10

sambasambaMatch3.5.11

sambasambaMatch3.5.12

sambasambaMatch3.5.13

sambasambaMatch3.5.14

sambasambaMatch3.5.15

sambasambaMatch3.5.16

sambasambaMatch3.5.17

sambasambaMatch3.5.18

sambasambaMatch3.5.19

sambasambaMatch3.5.20

sambasambaMatch3.5.21

sambasambaMatch3.5.22

sambasambaMatch3.6.0

sambasambaMatch3.6.1

sambasambaMatch3.6.2

sambasambaMatch3.6.10

sambasambaMatch3.6.11

sambasambaMatch3.6.12

sambasambaMatch3.6.13

sambasambaMatch3.6.14

sambasambaMatch3.6.15

sambasambaMatch3.6.16

sambasambaMatch3.6.17

sambasambaMatch3.6.18

sambasambaMatch3.6.19

sambasambaMatch3.6.20

sambasambaMatch3.6.21

sambasambaMatch3.6.22

sambasambaMatch3.6.23

sambasambaMatch3.6.24

sambasambaMatch4.0.0

sambasambaMatch4.0.1

sambasambaMatch4.0.2

sambasambaMatch4.0.3

sambasambaMatch4.0.4

sambasambaMatch4.0.5

sambasambaMatch4.0.6

sambasambaMatch4.0.7

sambasambaMatch4.0.8

sambasambaMatch4.0.9

sambasambaMatch4.0.10

sambasambaMatch4.0.11

sambasambaMatch4.0.12

sambasambaMatch4.0.13

sambasambaMatch4.0.14

sambasambaMatch4.0.15

sambasambaMatch4.0.16

sambasambaMatch4.0.17

sambasambaMatch4.0.18

sambasambaMatch4.0.19

sambasambaMatch4.0.20

sambasambaMatch4.0.21

sambasambaMatch4.0.22

sambasambaMatch4.0.23

sambasambaMatch4.0.24

sambasambaMatch4.1.0

sambasambaMatch4.1.1

sambasambaMatch4.1.2

sambasambaMatch4.1.3

sambasambaMatch4.1.4

sambasambaMatch4.1.5

sambasambaMatch4.1.6

sambasambaMatch4.1.7

sambasambaMatch4.1.8

sambasambaMatch4.1.9

sambasambaMatch4.1.10

sambasambaMatch4.1.11

sambasambaMatch4.1.12

sambasambaMatch4.1.13

sambasambaMatch4.1.14

sambasambaMatch4.1.15

sambasambaMatch4.1.16

sambasambaMatch4.2.0rc1

sambasambaMatch4.2.0rc2

sambasambaMatch4.2.0rc3

sambasambaMatch4.2.0rc4

Node

novellsuse_linux_enterprise_desktopMatch12

novellsuse_linux_enterprise_serverMatch12

novellsuse_linux_enterprise_software_development_kitMatch12

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch14.10

CPENameOperatorVersion
redhat:enterprise_linuxredhat enterprise linuxeq5
redhat:enterprise_linuxredhat enterprise linuxeq6.0
redhat:enterprise_linuxredhat enterprise linuxeq7.0

CPE	Name	Operator	Version
redhat:enterprise_linux	redhat enterprise linux	eq	5
redhat:enterprise_linux	redhat enterprise linux	eq	6.0
redhat:enterprise_linux	redhat enterprise linux	eq	7.0