exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

CVE-2015-0240

Status Candidate

Overview

The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.

Related Files

Samba _netr_ServerPasswordSet Uninitialized Credential State
Posted Sep 1, 2024
Authored by sinn3r, sleepya, Richard van Eeden | Site metasploit.com

This Metasploit module checks if a Samba target is vulnerable to an uninitialized variable creds vulnerability.

tags | exploit
advisories | CVE-2015-0240
SHA-256 | 681efe7fe7ea30e7014e98779385ad637775f0fc6af8ac07bd254b36e8b70529
HP Security Bulletin HPSBUX03320 SSRT101952 1
Posted Apr 30, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03320 SSRT101952 1 - Potential security vulnerabilities have been identified with HP-UX CIFS-Server (Samba). The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), execution of arbitrary code, or unauthorized access. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | hpux
advisories | CVE-2015-0240
SHA-256 | e973ffb6dafb6ca7009b2cd65cdfaa080bc145cae7286e26749ee0040f2ca8fc
Mandriva Linux Security Advisory 2015-082
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-082 - In Samba before 3.6.23, the SAMR server neglects to ensure that attempted password changes will update the bad password count, and does not set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. This is available without any other authentication. Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled. Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a denial of service on the nmbd NetBIOS name services daemon. A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS ame service. Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected by a denial of service crash involving overwriting memory on an authenticated connection to the smbd file server. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user).

tags | advisory, denial of service, arbitrary, root, code execution
systems | linux, mandriva
advisories | CVE-2013-4496, CVE-2014-0178, CVE-2014-0244, CVE-2014-3493, CVE-2015-0240
SHA-256 | a746da07e0936d2f90ff3113f5c91d8a56d359101e9fd3c4b400291184eac8c7
Mandriva Linux Security Advisory 2015-083
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-083 - Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). The updated packages provides a solution for these security issues.

tags | advisory, remote, arbitrary, root, code execution
systems | linux, mandriva
advisories | CVE-2014-8143, CVE-2015-0240
SHA-256 | b6781691dfb29aa5e6e3e339abaa996f02a7b1e269ae9c8c690e09e7e8f9ed2a
Mandriva Linux Security Advisory 2015-081
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-081 - An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user).

tags | advisory, arbitrary, root, code execution
systems | linux, mandriva
advisories | CVE-2015-0240
SHA-256 | fa2365b1ed1e17c66739c446a1c933e66dcd0dca5792983245ef2a8408c4c002
HP Security Bulletin HPSBGN03288 1
Posted Mar 25, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03288 1 - A potential security vulnerability has been identified with HP Server Automation. This vulnerability could be exploited remotely to allow execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2015-0240
SHA-256 | d6a1647519e8e6318998d9bf72dbd53af0d42837ee32a610e3accf6ae3e02c08
Slackware Security Advisory - samba Updates
Posted Mar 9, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New samba packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-0240
SHA-256 | 395f5f75150584b529e443ac6c4239929607552fcf310a6961ec6a0cb5f4515e
Gentoo Linux Security Advisory 201502-15
Posted Feb 26, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201502-15 - Multiple vulnerabilities have been found in Samba, the worst of which allowing a context-dependent attacker to bypass intended file restrictions, cause a Denial of Service or execute arbitrary code. Versions less than 3.6.25 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-6150, CVE-2013-4124, CVE-2013-4408, CVE-2013-4475, CVE-2013-4476, CVE-2013-4496, CVE-2014-0178, CVE-2014-0239, CVE-2014-0244, CVE-2014-3493, CVE-2015-0240
SHA-256 | 606c956ce8f163cd743c45062fd6201fce247d72cbe7bc650aed2d2440e1861b
Red Hat Security Advisory 2015-0257-01
Posted Feb 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0257-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.

tags | advisory, arbitrary, code execution, protocol
systems | linux, redhat
advisories | CVE-2015-0240
SHA-256 | 8d76cd4b796bce158991cd0e1051183c70804b81ce9d0272e76292fb6fc1201a
Ubuntu Security Notice USN-2508-1
Posted Feb 24, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2508-1 - Richard van Eeden discovered that the Samba smbd file services incorrectly handled memory. A remote attacker could use this issue to possibly execute arbitrary code with root privileges.

tags | advisory, remote, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2015-0240
SHA-256 | 8f0eb27d03b4e301f5738acc1808a68c1d0bbee2df8f1929bbc908fecacc20be
Debian Security Advisory 3171-1
Posted Feb 24, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3171-1 - Richard van Eeden of Microsoft Vulnerability Research discovered that Samba, a SMB/CIFS file, print, and login server for Unix, contains a flaw in the netlogon server code which allows remote code execution with root privileges from an unauthenticated connection.

tags | advisory, remote, root, code execution
systems | linux, unix, debian
advisories | CVE-2015-0240
SHA-256 | 3a3f953fda09a742df9d1191a2a8a008bfb65321af16ac862f950df2fe6b22a1
Red Hat Security Advisory 2015-0250-01
Posted Feb 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0250-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.

tags | advisory, arbitrary, code execution, protocol
systems | linux, redhat
advisories | CVE-2015-0240
SHA-256 | 223f087cb4c18b5e0df4bbb85c9e8c9802320e9a7503f9196e17bcd0c3f87e1a
Red Hat Security Advisory 2015-0254-01
Posted Feb 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0254-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.

tags | advisory, arbitrary, code execution, protocol
systems | linux, redhat
advisories | CVE-2015-0240
SHA-256 | 396be548967c22bd3cfcf184d1b4b49564094a2ab6b42daf22a9788fe15649e8
Red Hat Security Advisory 2015-0252-01
Posted Feb 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0252-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.

tags | advisory, arbitrary, code execution, protocol
systems | linux, redhat
advisories | CVE-2015-0240
SHA-256 | 90e5160b394e909032d08c8d71259155a8f664cabf465508cf1381d7bc647339
Red Hat Security Advisory 2015-0251-01
Posted Feb 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0251-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.

tags | advisory, arbitrary, code execution, protocol
systems | linux, redhat
advisories | CVE-2015-0240
SHA-256 | 3e27df70935a97c29c3bc1050f9042e807f4ffc3f4197c8673145842ae07c09e
Red Hat Security Advisory 2015-0249-01
Posted Feb 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0249-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.

tags | advisory, arbitrary, code execution, protocol
systems | linux, redhat
advisories | CVE-2015-0240
SHA-256 | 053bc1510a3be04466b10bbd8804b882a6add648db0c66bcfbe4dd30016cdbfe
Red Hat Security Advisory 2015-0252-01
Posted Feb 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0252-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.

tags | advisory, arbitrary, code execution, protocol
systems | linux, redhat
advisories | CVE-2015-0240
SHA-256 | e44b9c545254680c21421cab45a6331b3e099d99facf78667d0a998df43b7c4a
Red Hat Security Advisory 2015-0256-01
Posted Feb 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0256-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.

tags | advisory, arbitrary, code execution, protocol
systems | linux, redhat
advisories | CVE-2015-0240
SHA-256 | ec46e600dcabda559a0e3ba2be776e8ee6d00d84b7580e9b7a7b574ae8035edf
Red Hat Security Advisory 2015-0255-01
Posted Feb 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0255-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.

tags | advisory, arbitrary, code execution, protocol
systems | linux, redhat
advisories | CVE-2015-0240
SHA-256 | d09ca20340cf3e1cfb11f15e9cd087fa31ba7037c053a37f8a76ceebc3b53f29
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close