
Test ID:
Title: Samba 'TALLOC_FREE()' Function Remote Code Execution Vulnerability
Summary: Samba 'TALLOC_FREE()' Function Remote Code Execution Vulnerability

Vulnerability Insight:
The Netlogon server implementation in smbd performs a free operation on an
uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets
that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function
in rpc_server/netlogon/srv_netlog_nt.c.

Vulnerability Impact:
An attacker can exploit this issue to execute arbitrary code with root
privileges. Failed exploit attempts will cause a denial-of-service condition.

Affected Software/OS:
Samba 3.5.x and 3.6.x before 3.6.25,
4.0.x before 4.0.25,
4.1.x before 4.1.17,
and 4.2.x before 4.2.0rc5

Updates are available. Please see the references or vendor advisory for more information.

CVSS Score:

CVSS Vector:

Cross-Ref: BugTraq ID: 72711
Common Vulnerability Exposure (CVE) ID: CVE-2015-0240
Debian Security Information: DSA-3171
HPdes Security Advisory: HPSBGN03288
HPdes Security Advisory: HPSBUX03320
HPdes Security Advisory: SSRT101952
HPdes Security Advisory: SSRT101979
RedHat Security Advisories: RHSA-2015:0249
RedHat Security Advisories: RHSA-2015:0250
RedHat Security Advisories: RHSA-2015:0251
RedHat Security Advisories: RHSA-2015:0252
RedHat Security Advisories: RHSA-2015:0253
RedHat Security Advisories: RHSA-2015:0254
RedHat Security Advisories: RHSA-2015:0255
RedHat Security Advisories: RHSA-2015:0256
RedHat Security Advisories: RHSA-2015:0257
SuSE Security Announcement: SUSE-SU-2015:0353
SuSE Security Announcement: SUSE-SU-2015:0371
SuSE Security Announcement: SUSE-SU-2015:0386
SuSE Security Announcement: openSUSE-SU-2015:0375
SuSE Security Announcement: openSUSE-SU-2016:1064
SuSE Security Announcement: openSUSE-SU-2016:1106
SuSE Security Announcement: openSUSE-SU-2016:1107
Copyright: This script is Copyright (C) 2015 Greenbone Networks GmbH


© 1998-2023 E-Soft Inc. All rights reserved.