Bugzilla – Bug 917376
VUL-0: CVE-2015-0240: samba/talloc: talloc free on uninitialized stack pointer in netlogon server could lead to security vulnerability.
Last modified: 2021-09-06 07:00:25 UTC
embargoed, via samba vendor bugzilla

CRD: 2015-02-16

https://bugzilla.samba.org/show_bug.cgi?id=11077

(i currently cannot access the content)
(In reply to Marcus Meissner from comment #0)
> embargoed, via samba vendor bugzilla
>
> CRD: 2015-02-16
>
> https://bugzilla.samba.org/show_bug.cgi?id=11077
>
> (i currently cannot access the content)

It should be accessible from the vendor account. Here are the details:

===========================================================
== Subject:     Unexpected code execution in smbd.
==
== CVE ID#:     CVE-2015-0240
==
== Versions:    Samba 3.5.0 to 4.2.0rc4
==
== Summary:     Unauthenticated code execution attack on
==              smbd file services.
==
===========================================================

===========
Description
===========

All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an
unexpected code execution vulnerability in the smbd file server
daemon.

A malicious client could send packets that may set up the stack in
such a way that the freeing of memory in a subsequent anonymous
netlogon packet could allow execution of arbitrary code. This code
would execute with root privileges.

==================
Patch Availability
==================

A patch addressing this defect has been posted to

  http://www.samba.org/samba/security/

Additionally, Samba 4.2.0rc5, 4.1.17, 4.0.25 and 3.6.25 have been
issued as security releases to correct the defect. Patches against
older Samba versions are available at http://samba.org/samba/patches/.
Samba vendors and administrators running affected versions are advised
to upgrade or apply the patch as soon as possible.

==========
Workaround
==========

On Samba versions 4.0.0 and above, add the line:

  rpc_server:netlogon=disabled

to the [global] section of your smb.conf. For Samba versions 3.6.x and
earlier, this workaround is not available.

=======
Credits
=======

This problem was found by Richard van Eeden of Microsoft Vulnerability
Research, who also provided the fix.
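Added example, not part of the bug thread or of Samba: a triage check that applies the advisory's affected range, fixed releases and workaround to an upstream version string and an smb.conf. The function names and the sample configuration are constructed for illustration; distribution packages that backport the fix (such as samba-4.1.12-16.1 listed later on this page) must be judged by package release, not by this upstream comparison.

```python
import re

# Fixed upstream releases named in the advisory, keyed by release series.
FIXED = {(3, 6): (3, 6, 25), (4, 0): (4, 0, 25), (4, 1): (4, 1, 17)}
# Constructed sample smb.conf with the advisory's workaround applied.
SAMPLE_CONF = ("[global]\n  workgroup = EXAMPLE\n"
               "  rpc_server:netlogon = disabled\n[share]\n  path = /srv/share\n")

def parse_version(s):
    """'4.2.0rc4' -> ((4, 2, 0), 4); a final release gets rc=None."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?", s.strip())
    if not m:
        raise ValueError(f"unrecognised Samba version: {s!r}")
    rc = int(m.group(4)) if m.group(4) else None
    return tuple(int(g) for g in m.group(1, 2, 3)), rc

def upstream_affected(s):
    """True if an unpatched upstream build lies in 3.5.0 .. 4.2.0rc4."""
    ver, rc = parse_version(s)
    if ver < (3, 5, 0) or ver > (4, 2, 0):
        return False
    if ver == (4, 2, 0):
        return rc is not None and rc <= 4    # 4.2.0rc5 carries the fix
    fixed = FIXED.get(ver[:2])
    return fixed is None or ver < fixed      # 3.5.x: no fixed release listed

def netlogon_disabled(conf_text):
    """True if [global] sets rpc_server:netlogon to disabled."""
    section, value = None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            # Assumption: the key is matched case-insensitively.
            key, val = (p.strip().lower() for p in line.split("=", 1))
            if key == "rpc_server:netlogon":
                value = val                  # keep the last assignment seen
    return value == "disabled"

def assess(version, conf_text):
    """Combine the version range with the workaround (4.0.0 and above only)."""
    if not upstream_affected(version):
        return "not affected"
    major = parse_version(version)[0][0]
    if major >= 4 and netlogon_disabled(conf_text):
        return "affected, workaround in place"
    return "affected, upgrade or patch"
```
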
The proposed embargo end date is Monday, Feb 16th. RH have asked for a one-week delay (Feb 24th).
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2015-02-18. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/60652
bugbot adjusting priority
They shifted it one week. CRD: 2015-02-23
Created attachment 623417 [details] 2nd updated patch for 3.6
Created attachment 623418 [details] 2nd updated patch for 4.1
The fixes have been pushed, tagged and announced upstream: https://lists.samba.org/archive/samba-announce/2015/000337.html Please proceed with maintenance releases.
SUSE-SU-2015:0353-1: An update that solves one vulnerability and has 7 fixes is now available.

Category: security (important)
Bug References: 872912,873922,876312,889175,898031,908627,913238,917376
CVE References: CVE-2015-0240
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src): samba-4.1.12-16.1
SUSE Linux Enterprise Server 12 (src): samba-4.1.12-16.1
SUSE Linux Enterprise Desktop 12 (src): samba-4.1.12-16.1
This is an autogenerated message for OBS integration: This bug (917376) was mentioned in https://build.opensuse.org/request/show/287352 13.2+13.1 / samba
SUSE-SU-2015:0371-1: An update that solves one vulnerability and has four fixes is now available.

Category: security (important)
Bug References: 872912,898031,899558,913001,917376
CVE References: CVE-2015-0240
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src): samba-3.6.3-0.56.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src): samba-3.6.3-0.56.1, samba-doc-3.6.3-0.56.1
SUSE Linux Enterprise Server 11 SP3 (src): samba-3.6.3-0.56.1, samba-doc-3.6.3-0.56.1
SUSE Linux Enterprise Desktop 11 SP3 (src): samba-3.6.3-0.56.1, samba-doc-3.6.3-0.56.1
openSUSE-SU-2015:0375-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 914279,917376
CVE References: CVE-2014-8143,CVE-2015-0240
Sources used:
openSUSE 13.2 (src): samba-4.1.17-5.1
openSUSE 13.1 (src): samba-4.1.17-3.30.1
SUSE-SU-2015:0386-1: An update that solves one vulnerability and has 7 fixes is now available.

Category: security (important)
Bug References: 872912,882356,883870,886193,898031,899558,913001,917376
CVE References: CVE-2015-0240
Sources used:
SUSE Linux Enterprise Server 11 SP2 LTSS (src): samba-3.4.3-1.54.39, samba-3.6.3-0.33.43.1, samba-doc-3.6.3-0.33.43.1
This is an autogenerated message for OBS integration: This bug (917376) was mentioned in https://build.opensuse.org/request/show/288513 Factory / samba
was released
openSUSE-SU-2016:1064-1: An update that solves 16 vulnerabilities and has 17 fixes is now available.

Category: security (important)
Bug References: 898031,901813,912457,913238,913547,914279,917376,919309,924519,936862,942716,946051,947552,949022,958581,958582,958583,958584,958585,958586,964023,966271,968222,968973,971965,972197,973031,973032,973033,973034,973036,973832,974629
CVE References: CVE-2014-8143,CVE-2015-0240,CVE-2015-3223,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330,CVE-2015-5370,CVE-2015-7560,CVE-2015-8467,CVE-2016-2110,CVE-2016-2111,CVE-2016-2112,CVE-2016-2113,CVE-2016-2115,CVE-2016-2118
Sources used:
openSUSE 13.2 (src): samba-4.2.4-34.1
openSUSE-SU-2016:1106-1: An update that fixes 17 vulnerabilities is now available.

Category: security (important)
Bug References: 844720,849224,853347,917376,936862,958582,958583,958584,958586,968222,971965,973031,973032,973033,973034,973035,973036
CVE References: CVE-2012-6150,CVE-2013-4408,CVE-2013-4496,CVE-2015-0240,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330,CVE-2015-5370,CVE-2015-7560,CVE-2016-2110,CVE-2016-2111,CVE-2016-2112,CVE-2016-2113,CVE-2016-2114,CVE-2016-2115,CVE-2016-2118
Sources used:
openSUSE 13.1 (src): samba-4.2.4-3.54.2
openSUSE-SU-2016:1107-1: An update that fixes 17 vulnerabilities is now available.

Category: security (important)
Bug References: 844720,849224,853347,917376,936862,958582,958583,958584,958586,968222,971965,973031,973032,973033,973034,973035,973036
CVE References: CVE-2012-6150,CVE-2013-4408,CVE-2013-4496,CVE-2015-0240,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330,CVE-2015-5370,CVE-2015-7560,CVE-2016-2110,CVE-2016-2111,CVE-2016-2112,CVE-2016-2113,CVE-2016-2114,CVE-2016-2115,CVE-2016-2118
Sources used:
openSUSE Evergreen 11.4 (src): samba-3.6.3-141.1, samba-doc-3.6.3-141.1