Lucene search

Veracode Vulnerability DatabaseVERACODE:11595

HistoryJan 15, 2019 - 9:04 a.m.

Arbitrary Code Execution

2019-01-1509:04:32

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.974 High

EPSS

Percentile

99.9%

JSON

samba3x is vulnerable to arbitrary code execution attacks. The vulnerability exists as the Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.

CPENameOperatorVersion
samba3xeq3.6.6__0.140.el5_10
samba3xeq3.3.8__0.52.el5_5
samba3xeq3.6.6__0.129.el5
samba3xeq3.6.6__0.138.el5_10
samba3xeq3.5.4__0.70.el5
samba3xeq3.5.10__0.109.el5_8
samba3xeq3.3.8__0.51.el5
samba3xeq3.3.8__0.52.el5_5.2
samba3xeq3.6.23__6.el5
samba3xeq3.5.4__0.70.el5_6.1

Name	Operator	Version
samba3x	eq	3.6.6__0.140.el5_10
samba3x	eq	3.3.8__0.52.el5_5
samba3x	eq	3.6.6__0.129.el5
samba3x	eq	3.6.6__0.138.el5_10
samba3x	eq	3.5.4__0.70.el5
samba3x	eq	3.5.10__0.109.el5_8
samba3x	eq	3.3.8__0.51.el5
samba3x	eq	3.3.8__0.52.el5_5.2
samba3x	eq	3.6.23__6.el5
samba3x	eq	3.5.4__0.70.el5_6.1

Rows per page:

1-10 of 1021

References

advisories.mageia.org/MGASA-2015-0084.html

lists.opensuse.org/opensuse-security-announce/2015-02/msg00028.html

lists.opensuse.org/opensuse-security-announce/2015-02/msg00030.html

lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html

lists.opensuse.org/opensuse-security-announce/2015-02/msg00035.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html

marc.info/?l=bugtraq&m=142722696102151&w=2

marc.info/?l=bugtraq&m=143039217203031&w=2

rhn.redhat.com/errata/RHSA-2015-0249.html

rhn.redhat.com/errata/RHSA-2015-0250.html

rhn.redhat.com/errata/RHSA-2015-0251.html

rhn.redhat.com/errata/RHSA-2015-0252.html

rhn.redhat.com/errata/RHSA-2015-0253.html

rhn.redhat.com/errata/RHSA-2015-0254.html

rhn.redhat.com/errata/RHSA-2015-0255.html

rhn.redhat.com/errata/RHSA-2015-0256.html

rhn.redhat.com/errata/RHSA-2015-0257.html

security.gentoo.org/glsa/glsa-201502-15.xml

www.debian.org/security/2015/dsa-3171

www.mandriva.com/security/advisories?name=MDVSA-2015:081

www.mandriva.com/security/advisories?name=MDVSA-2015:082

www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

www.securityfocus.com/bid/72711

www.securitytracker.com/id/1031783

www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.360345

www.ubuntu.com/usn/USN-2508-1

access.redhat.com/articles/1346913

access.redhat.com/errata/RHSA-2015:0249

access.redhat.com/errata/RHSA-2015:0250

access.redhat.com/errata/RHSA-2015:0251

access.redhat.com/errata/RHSA-2015:0252

access.redhat.com/errata/RHSA-2015:0253

access.redhat.com/errata/RHSA-2015:0254

access.redhat.com/errata/RHSA-2015:0255

access.redhat.com/errata/RHSA-2015:0256

access.redhat.com/errata/RHSA-2015:0257

access.redhat.com/security/cve/CVE-2015-0240

access.redhat.com/security/updates/classification/#critical

bugzilla.redhat.com/show_bug.cgi?id=1191325

rhn.redhat.com/errata/RHSA-2015-0249.html

securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/

support.lenovo.com/product_security/samba_remote_vuln

support.lenovo.com/us/en/product_security/samba_remote_vuln

www.exploit-db.com/exploits/36741/

www.samba.org/samba/security/CVE-2015-0240