
Bug 541182 (CVE-2015-0240)

Summary: <net-fs/samba-3.6.25: Multiple vulnerabilities (CVE-2014-0178,CVE-2015-0240)
Product: Gentoo Security
Reporter: Mike Limansky <limanski>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: blocker
CC: samba
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://permalink.gmane.org/gmane.network.samba.announce/331
See Also: https://bugs.gentoo.org/show_bug.cgi?id=542988
Whiteboard: A0 [glsa cve]

Description Mike Limansky 2015-02-23 21:40:08 UTC
Samba 4.1.17, 4.0.25 and 3.6.25 have been issued as security releases in order
to address CVE-2015-0240 (Unexpected code execution in smbd). 

Samba 3.6.25 also includes a fix for CVE-2014-0178 (Malformed
FSCTL_SRV_ENUMERATE_SNAPSHOTS response).

Reproducible: Always
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-02-23 21:46:07 UTC

*** This bug has been marked as a duplicate of bug 511764 ***
Comment 2 Sergey Popov gentoo-dev 2015-02-24 07:58:10 UTC
As CVE-2015-0240 allows direct remote execution with root privileges (NO authentication required) and there is no known workaround for Samba versions prior to 4.0, I am reassigning this as A0
Comment 3 Sergey Popov gentoo-dev 2015-02-24 08:21:25 UTC
Arch teams, please test and mark stable =net-fs/samba-3.6.25

Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Comment 4 Agostino Sarubbo gentoo-dev 2015-02-24 10:09:36 UTC
Stable for alpha/amd64/arm/ia64/ppc/ppc64/sparc/x86
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2015-02-25 19:28:36 UTC
Stable for HPPA.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2015-02-26 08:59:40 UTC
This issue was resolved and addressed in
 GLSA 201502-15 at http://security.gentoo.org/glsa/glsa-201502-15.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).
Comment 7 Zhuchenko Valery 2015-03-02 09:18:28 UTC
Patch for samba 3.5.22 (which is in portage now):
https://download.samba.org/pub/samba/patches/security/samba-3.5.22-CVE-2015-0240.patch
23-Feb-2015 03:01
Please modify the ebuild for this version.
Comment 8 Yury German Gentoo Infrastructure gentoo-dev 2015-03-16 15:11:05 UTC
(In reply to Zhuchenko Valery from comment #7)
> Patch for samba 3.5.22 (which in portage now):
> https://download.samba.org/pub/samba/patches/security/samba-3.5.22-CVE-2015-0240.patch
> 23-Feb-2015 03:01
> Please, modify ebuild for this version.

Thank you for opening a separate bug report. This bug is closed.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2015-06-21 13:21:01 UTC
CVE-2015-0240 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0240):
  The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before
  3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5
  performs a free operation on an uninitialized stack pointer, which allows
  remote attackers to execute arbitrary code via crafted Netlogon packets that
  use the ServerPasswordSet RPC API, as demonstrated by packets reaching the
  _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.