Test ID:	1.3.6.1.4.1.25623.1.0.105231
Category:	General
Title:	Samba 'TALLOC_FREE()' Function RCE Vulnerability
Summary:	Samba is prone to a remote code execution (RCE) vulnerability in; the 'TALLOC_FREE()' function.
Description:	Summary: Samba is prone to a remote code execution (RCE) vulnerability in the 'TALLOC_FREE()' function. Vulnerability Insight: The Netlogon server implementation in smbd performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c. Vulnerability Impact: An attacker can exploit this issue to execute arbitrary code with root privileges. Failed exploit attempts will cause a denial-of-service condition Affected Software/OS: Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 Solution: Updates are available. Please see the references or vendor advisory for more information. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-0240 1031783 http://www.securitytracker.com/id/1031783 36741 https://www.exploit-db.com/exploits/36741/ 72711 http://www.securityfocus.com/bid/72711 DSA-3171 http://www.debian.org/security/2015/dsa-3171 GLSA-201502-15 http://security.gentoo.org/glsa/glsa-201502-15.xml HPSBGN03288 http://marc.info/?l=bugtraq&m=142722696102151&w=2 HPSBUX03320 http://marc.info/?l=bugtraq&m=143039217203031&w=2 MDVSA-2015:081 http://www.mandriva.com/security/advisories?name=MDVSA-2015:081 MDVSA-2015:082 http://www.mandriva.com/security/advisories?name=MDVSA-2015:082 RHSA-2015:0249 http://rhn.redhat.com/errata/RHSA-2015-0249.html RHSA-2015:0250 http://rhn.redhat.com/errata/RHSA-2015-0250.html RHSA-2015:0251 http://rhn.redhat.com/errata/RHSA-2015-0251.html RHSA-2015:0252 http://rhn.redhat.com/errata/RHSA-2015-0252.html RHSA-2015:0253 http://rhn.redhat.com/errata/RHSA-2015-0253.html RHSA-2015:0254 http://rhn.redhat.com/errata/RHSA-2015-0254.html RHSA-2015:0255 http://rhn.redhat.com/errata/RHSA-2015-0255.html RHSA-2015:0256 http://rhn.redhat.com/errata/RHSA-2015-0256.html RHSA-2015:0257 http://rhn.redhat.com/errata/RHSA-2015-0257.html SSA:2015-064-01 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.360345 SSRT101952 SSRT101979 SUSE-SU-2015:0353 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00028.html SUSE-SU-2015:0371 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00030.html SUSE-SU-2015:0386 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00035.html USN-2508-1 http://www.ubuntu.com/usn/USN-2508-1 http://advisories.mageia.org/MGASA-2015-0084.html http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html https://access.redhat.com/articles/1346913 https://bugzilla.redhat.com/show_bug.cgi?id=1191325 https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/ https://support.lenovo.com/product_security/samba_remote_vuln https://support.lenovo.com/us/en/product_security/samba_remote_vuln https://www.samba.org/samba/security/CVE-2015-0240 openSUSE-SU-2015:0375 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html openSUSE-SU-2016:1064 http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html openSUSE-SU-2016:1106 http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html openSUSE-SU-2016:1107 http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.