Samba 4.1.17, 4.0.25 and 3.6.25 have been issued as security releases in order
to address CVE-2015-0240 (Unexpected code execution in smbd).
Samba 3.6.25 also includes a fix for CVE-2014-0178 (Malformed
*** This bug has been marked as a duplicate of bug 511764 ***
As CVE-2015-0240 allows direct remote execution with root privileges (NO authentication required) and there is no known workaround for Samba versions prior to 4.0, I am reassigning this as A0
Arch teams, please test and mark stable =net-fs/samba-3.6.25
Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Stable for alpha/amd64/arm/ia64/ppc/ppc64/sparc/x86
Stable for HPPA.
This issue was resolved and addressed in
GLSA 201502-15 at http://security.gentoo.org/glsa/glsa-201502-15.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).
Patch for samba 3.5.22 (which is in portage now):
Please, modify ebuild for this version.
(In reply to Zhuchenko Valery from comment #7)
> Patch for samba 3.5.22 (which is in portage now):
> 23-Feb-2015 03:01
> Please, modify ebuild for this version.
Thank you for opening a separate bug report. This bug is closed.
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before
3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5
performs a free operation on an uninitialized stack pointer, which allows
remote attackers to execute arbitrary code via crafted Netlogon packets that
use the ServerPasswordSet RPC API, as demonstrated by packets reaching the
_netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.
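
The version ranges in the description above can be turned into a triage check for an inventory of upstream Samba version strings. This is an added example, not code from the bug report or from Samba; the function name `is_affected` and the accepted version format (`X.Y.Z` with an optional `rcN` suffix) are assumptions.

```python
import re

# Fixed release per branch, from the CVE description above.
# Tuple is (patch level, rc number); rc None means a final release.
FIXED = {
    (3, 6): (25, None),
    (4, 0): (25, None),
    (4, 1): (17, None),
    (4, 2): (0, 5),      # 4.2.0rc5
}
# The description lists 3.5.x as affected and names no fixed 3.5 release.
AFFECTED_WHOLE_BRANCH = {(3, 5)}

# Assumed input format: upstream version strings such as "3.6.24" or "4.2.0rc4".
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?$")


def _key(patch, rc):
    # A final release sorts after every release candidate of the same patch level.
    return (patch, float("inf") if rc is None else rc)


def is_affected(version):
    """Return True/False for branches the description covers,
    None for branches it does not mention."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Samba version string: {version!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    rc = int(m.group(4)) if m.group(4) else None
    branch = (major, minor)
    if branch in AFFECTED_WHOLE_BRANCH:
        return True
    if branch not in FIXED:
        return None
    return _key(patch, rc) < _key(*FIXED[branch])


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the bug report.
    for v in ["3.5.22", "3.6.24", "3.6.25", "4.1.16", "4.2.0rc4", "4.2.0rc5"]:
        print(f"{v:10} affected={is_affected(v)}")
```

A distribution build that carries a backported patch keeps its upstream version number, so a `True` result still needs the package changelog checked.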