Test ID:	1.3.6.1.4.1.25623.1.0.105231
Category:	General
Title:	Samba 'TALLOC_FREE()' Function Remote Code Execution Vulnerability
Summary:	Samba 'TALLOC_FREE()' Function Remote Code Execution Vulnerability
Description:	Summary: Samba 'TALLOC_FREE()' Function Remote Code Execution Vulnerability Vulnerability Insight: The Netlogon server implementation in smbd performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c. Vulnerability Impact: An attacker can exploit this issue to execute arbitrary code with root privileges. Failed exploit attempts will cause a denial-of-service condition Affected Software/OS: Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 Solution: Updates are available. Please see the references or vendor advisory for more information. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	BugTraq ID: 72711 Common Vulnerability Exposure (CVE) ID: CVE-2015-0240 http://www.securityfocus.com/bid/72711 Debian Security Information: DSA-3171 (Google Search) http://www.debian.org/security/2015/dsa-3171 https://www.exploit-db.com/exploits/36741/ http://security.gentoo.org/glsa/glsa-201502-15.xml HPdes Security Advisory: HPSBGN03288 http://marc.info/?l=bugtraq&m=142722696102151&w=2 HPdes Security Advisory: HPSBUX03320 http://marc.info/?l=bugtraq&m=143039217203031&w=2 HPdes Security Advisory: SSRT101952 HPdes Security Advisory: SSRT101979 http://www.mandriva.com/security/advisories?name=MDVSA-2015:081 http://www.mandriva.com/security/advisories?name=MDVSA-2015:082 RedHat Security Advisories: RHSA-2015:0249 http://rhn.redhat.com/errata/RHSA-2015-0249.html RedHat Security Advisories: RHSA-2015:0250 http://rhn.redhat.com/errata/RHSA-2015-0250.html RedHat Security Advisories: RHSA-2015:0251 http://rhn.redhat.com/errata/RHSA-2015-0251.html RedHat Security Advisories: RHSA-2015:0252 http://rhn.redhat.com/errata/RHSA-2015-0252.html RedHat Security Advisories: RHSA-2015:0253 http://rhn.redhat.com/errata/RHSA-2015-0253.html RedHat Security Advisories: RHSA-2015:0254 http://rhn.redhat.com/errata/RHSA-2015-0254.html RedHat Security Advisories: RHSA-2015:0255 http://rhn.redhat.com/errata/RHSA-2015-0255.html RedHat Security Advisories: RHSA-2015:0256 http://rhn.redhat.com/errata/RHSA-2015-0256.html RedHat Security Advisories: RHSA-2015:0257 http://rhn.redhat.com/errata/RHSA-2015-0257.html http://www.securitytracker.com/id/1031783 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.360345 SuSE Security Announcement: SUSE-SU-2015:0353 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00028.html SuSE Security Announcement: SUSE-SU-2015:0371 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00030.html SuSE Security Announcement: SUSE-SU-2015:0386 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00035.html SuSE Security Announcement: openSUSE-SU-2015:0375 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html SuSE Security Announcement: openSUSE-SU-2016:1064 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html SuSE Security Announcement: openSUSE-SU-2016:1106 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html SuSE Security Announcement: openSUSE-SU-2016:1107 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html http://www.ubuntu.com/usn/USN-2508-1
Copyright	This script is Copyright (C) 2015 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.