Summary: | <net-fs/samba-3.6.25: Multiple vulnerabilities (CVE-2014-0178,CVE-2015-0240) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Mike Limansky <limanski> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | blocker | CC: | samba |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://permalink.gmane.org/gmane.network.samba.announce/331 | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=542988 | ||
Whiteboard: | A0 [glsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Mike Limansky
2015-02-23 21:40:08 UTC
*** This bug has been marked as a duplicate of bug 511764 ***

As CVE-2015-0240 allows direct remote execution with root privileges (NO authentication required) and there is no known workaround for Samba versions prior to 4.0, I am reassigning this as A0.

Arch teams, please test and mark stable
=net-fs/samba-3.6.25
Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

Stable for alpha/amd64/arm/ia64/ppc/ppc64/sparc/x86

Stable for HPPA.

This issue was resolved and addressed in GLSA 201502-15 at http://security.gentoo.org/glsa/glsa-201502-15.xml by GLSA coordinator Kristian Fiskerstrand (K_F).

Patch for samba 3.5.22 (which is in portage now):
https://download.samba.org/pub/samba/patches/security/samba-3.5.22-CVE-2015-0240.patch
23-Feb-2015 03:01
Please, modify ebuild for this version.

(In reply to Zhuchenko Valery from comment #7)
> Patch for samba 3.5.22 (which is in portage now):
> https://download.samba.org/pub/samba/patches/security/samba-3.5.22-CVE-2015-0240.patch
> 23-Feb-2015 03:01
> Please, modify ebuild for this version.

Thank you for opening a separate bug report. This bug is closed.

CVE-2015-0240 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0240): The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.