FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- Unexpected code execution in smbd

Affected packages
4.0.0 <= samba4 < 4.0.25
4.1.0 <= samba41 < 4.1.17
3.6.0 <= samba36 < 3.6.25

Details

VuXML ID 996c219c-bbb1-11e4-88ae-d050992ecde8
Discovery 2015-02-23
Entry 2015-02-23

Samba developement team reports:

All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an unexpected code execution vulnerability in the smbd file server daemon.

A malicious client could send packets that may set up the stack in such a way that the freeing of memory in a subsequent anonymous netlogon packet could allow execution of arbitrary code. This code would execute with root privileges.

References

CVE Name CVE-2015-0240
URL https://www.samba.org/samba/security/CVE-2015-0240