Lucene search

K

LenovoLENOVO:PS500014-NOSID

HistoryJan 23, 2017 - 12:00 a.m.

Samba Remote Code Execution Vulnerability

2017-01-2300:00:00

support.lenovo.com

775

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

Lenovo Security Advisory: LEN-2015-016 **Potential Impact:**Execution of arbitrary code Severity: High

Summary: Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that could potentially lead to arbitrary code execution with the privileges of the user running smbd.

Samba is utilized by Lifeline firmware which ships on LenovoEMC network storage devices. Refer to Product Impact for information about remediation.

Product Impact:

Affected Product	Lifeline minimum version including fix	Link

LenovoEMC px12-400r

| 4.1.110.33149 ** ** |

<http://lenovo-na-en.custhelp.com/app/answers/detail/a_id/32028>

LenovoEMC EZ Media & Backup (hm3)

| 4.1.110.33149 ** ** |

<http://lenovo-na-en.custhelp.com/app/answers/detail/a_id/32028>

LenovoEMC ix2 (inc DL)

| 4.1.110.33149** ** |

<http://lenovo-na-en.custhelp.com/app/answers/detail/a_id/31178>

LenovoEMC ix4-300d (inc DL)

| 4.1.110.33149** ** |

<http://lenovo-na-en.custhelp.com/app/answers/detail/a_id/32094>

LenovoEMC px2-300d (inc NVR)

| 4.1.110.33149** ** |

<http://lenovo-na-en.custhelp.com/app/answers/detail/a_id/32094>

LenovoEMC px4-300d (inc NVR)

| 4.1.110.33149 |

<http://lenovo-na-en.custhelp.com/app/answers/detail/a_id/27363>

LenovoEMC px4-300r

| 4.1.110.33149 |

<http://lenovo-na-en.custhelp.com/app/answers/detail/a_id/27368>

LenovoEMC px4-400d

| 4.1.110.33149 |

<http://lenovo-na-en.custhelp.com/app/answers/detail/a_id/33814>

LenovoEMC px4-400d NVR

| 4.1.110.33149 |

<http://lenovo-na-en.custhelp.com/app/answers/detail/a_id/33814>

LenovoEMC px4-400r

| 4.1.110.33149 |

<http://lenovo-na-en.custhelp.com/app/answers/detail/a_id/33824>

LenovoEMC px6-300d

| 4.1.110.33149 |

<http://lenovo-na-en.custhelp.com/app/answers/detail/a_id/27366>

LenovoEMC px12-400r

| 4.1.110.33149 |

<http://lenovo-na-en.custhelp.com/app/answers/detail/a_id/32092>

LenovoEMC px12-450r

| 4.1.110.33149 |

<http://lenovo-na-en.custhelp.com/app/answers/detail/a_id/32092>

LenovoEMC ix12-300r

| 4.0.18.33013 |

<https://lenovo-na-en.custhelp.com/app/answers/detail/a_id/23142>

LenovoEMC px12-350r

| 4.0.18.33013 |

<https://lenovo-na-en.custhelp.com/app/answers/detail/a_id/23142>

LenovoEMC Home Media Cloud Edition (hm2)

| 3.2.12.30116 |

<http://lenovo-na-en.custhelp.com/app/answers/detail/a_id/26784>

LenovoEMC ix2-200 Cloud Edition

| 3.2.12.30116 |

<http://lenovo-na-en.custhelp.com/app/answers/detail/a_id/26784>

LenovoEMC ix4-200d Cloud Edition

| 3.2.12.30116 |

<http://lenovo-na-en.custhelp.com/app/answers/detail/a_id/26784>

**Acknowledgements:**None
Other information and references:

<https://www.us-cert.gov/ncas/current-activity/2015/02/24/Samba-Remote-Code-Execution-Vulnerability>
CVE ID: CVE-2015-0240
Revision History:

Revision

|

Date

|

Description

—|—|—
1.1 |** 6 Jun 2015**|** Published additional fixes** ** 1.0**|** 3 Apr 2015**|** Initial release**

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%