Samba 4.1.17, 4.0.25 and 3.6.25 have been issued as security releases in order to address CVE-2015-0240 (Unexpected code execution in smbd). Samba 3.6.25 also includes a fix for CVE-2014-0178 (Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response).

Reproducible: Always
*** This bug has been marked as a duplicate of bug 511764 ***
As CVE-2015-0240 allows direct remote execution with root privileges (NO authentication required) and there is no known workaround for Samba versions prior to 4.0, I am reassigning this as A0.
Arch teams, please test and mark stable:
=net-fs/samba-3.6.25
Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Stable for alpha/amd64/arm/ia64/ppc/ppc64/sparc/x86
Stable for HPPA.
This issue was resolved and addressed in GLSA 201502-15 at http://security.gentoo.org/glsa/glsa-201502-15.xml by GLSA coordinator Kristian Fiskerstrand (K_F).
Patch for samba 3.5.22 (which is in portage now):
https://download.samba.org/pub/samba/patches/security/samba-3.5.22-CVE-2015-0240.patch
23-Feb-2015 03:01
Please modify the ebuild for this version.
(In reply to Zhuchenko Valery from comment #7)
> Patch for samba 3.5.22 (which in portage now):
> https://download.samba.org/pub/samba/patches/security/samba-3.5.22-CVE-2015-0240.patch
> 23-Feb-2015 03:01
> Please, modify ebuild for this version.

Thank you for opening a separate bug report. This bug is closed.
CVE-2015-0240 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0240): The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.