Bug 541182 (CVE-2015-0240) - <net-fs/samba-3.6.25: Multiple vulnerabilities (CVE-2014-0178,CVE-2015-0240)
Summary: <net-fs/samba-3.6.25: Multiple vulnerabilities (CVE-2014-0178,CVE-2015-0240)
Status: RESOLVED FIXED
Alias: CVE-2015-0240
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal blocker
Assignee: Gentoo Security
URL: http://permalink.gmane.org/gmane.netw...
Whiteboard: A0 [glsa cve]
Reported: 2015-02-23 21:40 UTC by Mike Limansky
Modified: 2015-07-21 01:25 UTC

Description Mike Limansky 2015-02-23 21:40:08 UTC
Samba 4.1.17, 4.0.25 and 3.6.25 have been issued as security releases in order
to address CVE-2015-0240 (Unexpected code execution in smbd). 

Samba 3.6.25 also includes a fix for CVE-2014-0178 (Malformed
FSCTL_SRV_ENUMERATE_SNAPSHOTS response).

Reproducible: Always
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-02-23 21:46:07 UTC

*** This bug has been marked as a duplicate of bug 511764 ***
Comment 2 Sergey Popov (RETIRED) gentoo-dev 2015-02-24 07:58:10 UTC
As CVE-2015-0240 allows direct remote execution with root privileges (NO authentication required) and there is no known workaround for Samba versions prior to 4.0, I am reassigning this as A0
Comment 3 Sergey Popov (RETIRED) gentoo-dev 2015-02-24 08:21:25 UTC
Arch teams, please test and mark stable =net-fs/samba-3.6.25

Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Comment 4 Agostino Sarubbo gentoo-dev 2015-02-24 10:09:36 UTC
Stable for alpha/amd64/arm/ia64/ppc/ppc64/sparc/x86
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2015-02-25 19:28:36 UTC
Stable for HPPA.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2015-02-26 08:59:40 UTC
This issue was resolved and addressed in
 GLSA 201502-15 at http://security.gentoo.org/glsa/glsa-201502-15.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).
Comment 7 Zhuchenko Valery 2015-03-02 09:18:28 UTC
Patch for samba 3.5.22 (which is in portage now):
https://download.samba.org/pub/samba/patches/security/samba-3.5.22-CVE-2015-0240.patch
23-Feb-2015 03:01
Please modify the ebuild for this version.
Comment 8 Yury German Gentoo Infrastructure gentoo-dev 2015-03-16 15:11:05 UTC
(In reply to Zhuchenko Valery from comment #7)
> Patch for samba 3.5.22 (which in portage now):
> https://download.samba.org/pub/samba/patches/security/samba-3.5.22-CVE-2015-0240.patch
> 23-Feb-2015 03:01
> Please, modify ebuild for this version.

Thank you for opening a separate bug report. This bug is closed.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2015-06-21 13:21:01 UTC
CVE-2015-0240 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0240):
  The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before
  3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5
  performs a free operation on an uninitialized stack pointer, which allows
  remote attackers to execute arbitrary code via crafted Netlogon packets that
  use the ServerPasswordSet RPC API, as demonstrated by packets reaching the
  _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.
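
The affected ranges in the CVE text above can be turned into a version check for inventory or audit scripts. The following is an added example, not part of this bug report or of any Samba or Gentoo tooling; the function names and the `None` return for branches the CVE text does not mention are assumptions of this sketch.

```python
import re

# First fixed release per branch, taken from the CVE-2015-0240 text above.
# Value is (patch, rc); rc=None means a final release.
FIXED = {
    (3, 6): (25, None),   # 3.6.x before 3.6.25
    (4, 0): (25, None),   # 4.0.x before 4.0.25
    (4, 1): (17, None),   # 4.1.x before 4.1.17
    (4, 2): (0, 5),       # 4.2.x before 4.2.0rc5
}
# The CVE text lists 3.5.x as affected and names no fixed 3.5 release.
ALWAYS_AFFECTED = {(3, 5)}

# Anchored at the start only, so a trailing Gentoo revision ("-r1") is ignored.
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?")


def parse(version):
    """Split 'X.Y.Z' or 'X.Y.ZrcN' into (major, minor, patch, rc)."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError("unrecognised Samba version: %r" % version)
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    rc = int(m.group(4)) if m.group(4) else None
    return major, minor, patch, rc


def _sort_key(patch, rc):
    # A release candidate sorts before the final release of the same patch level.
    return (patch, 0, rc) if rc is not None else (patch, 1, 0)


def is_affected(version):
    """True/False per the CVE ranges; None if the branch is not listed there."""
    major, minor, patch, rc = parse(version)
    branch = (major, minor)
    if branch in ALWAYS_AFFECTED:
        return True
    if branch not in FIXED:
        return None
    return _sort_key(patch, rc) < _sort_key(*FIXED[branch])


if __name__ == "__main__":
    # Constructed sample versions, not taken from any real host.
    for v in ("3.5.22", "3.6.24", "3.6.25-r1", "4.1.16", "4.2.0rc4", "4.2.0"):
        print(v, is_affected(v))
```

A version string alone cannot see a backported fix such as the 3.5.22 patch linked in comment 7, so a `True` result for a distribution package should be confirmed against the package's changelog or patch list.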