SMB: Samba CVE-2015-0240 ServerPasswordSet Remote Code Execution
This signature detects attempts to exploit a known vulnerability in Samba server. A remote, unauthenticated attacker could exploit this vulnerability by sending malicious request to the target Samba user.
Extended Description
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.
Affected Products
Canonical ubuntu_linux
Short Name
SMB:EXPLOIT:CVE-2015-0240-RCE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
SMB
Keywords
CVE-2015-0240 Code Execution Remote Samba ServerPasswordSet bid:72711
Release Date
03/02/2015
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Novell
Samba
Redhat
Canonical
CVSS Score
10.0