Описание
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.
An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user).
Отчет
This issue does not affect the version of samba package as shipped with Red Hat Enterprise Linux 4 and 5. It does affect the version of samba as shipped with Red Hat Enterprise Linux 6 and 7, as well as the version of samba3x shipped with Red Hat Enterprise Linux 5 and the version of samba4 as shipped with Red Hat Enterprise Linux 6. Red Hat Product Security has determined that this vulnerability has Important impact on Red Hat Enterprise Linux 7 because the Samba version shipped in this version of the operating system only executes the vulnerable code after a memory allocation failure, making it more difficult to exploit this flaw.
Меры по смягчению последствий
On Samba versions 4.0.0 and above, add the line: rpc_server:netlogon=disabled to the [global] section of your smb.conf. For Samba versions 3.6.x and earlier, this workaround is not available.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | samba | Not affected | ||
| Red Hat Enterprise Linux 5 | samba | Not affected | ||
| Red Hat Enterprise Linux Extended Update Support 5.6 | samba3x | Affected | ||
| Red Hat Enterprise Linux Extended Update Support 6.2 | samba4 | Not affected | ||
| Red Hat Enterprise Linux 5 | samba3x | Fixed | RHSA-2015:0249 | 23.02.2015 |
| Red Hat Enterprise Linux 5.6 Long Life | samba3x | Fixed | RHSA-2015:0253 | 23.02.2015 |
| Red Hat Enterprise Linux 5.9 Extended Update Support | samba3x | Fixed | RHSA-2015:0253 | 23.02.2015 |
| Red Hat Enterprise Linux 6 | samba4 | Fixed | RHSA-2015:0250 | 23.02.2015 |
| Red Hat Enterprise Linux 6 | samba | Fixed | RHSA-2015:0251 | 23.02.2015 |
| Red Hat Enterprise Linux 6.2 Advanced Update Support | samba | Fixed | RHSA-2015:0254 | 23.02.2015 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.9 High
CVSS2
Связанные уязвимости
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x be ...
EPSS
7.9 High
CVSS2