Memory Corruption Vulnerability found in Samba smbd daemon

A memory corruption vulnerability (CVE-2015-0240) has been detected in the Samba smbd daemon, which provides SMB (Server Message Block) services. SMB is a network protocol native to Windows systems that allows sharing of files and printers across a network. Samba is a software package that implements the SMB protocol on a variety of platforms, providing compatibility with Windows systems.

A remote, unauthenticated attacker could exploit this vulnerability by sending malicious NetLogon packets to the target server. Successful exploitation could lead to arbitrary code execution with root privileges. The vendor, Samba, has released an advisory regarding this vulnerability: https://www.samba.org/samba/security/CVE-2015-0240

CVSS Scoring

  • CVSS Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
  • CVSS Temporal Score: 7.4 (E:U/RL:OF/RC:C)

Presently, all versions of Samba from 3.5.0 to 4.2.0rc4 are exposed to this vulnerability.

The vulnerability is due to the way _netr_ServerPasswordSet() in Samba handles ServerPasswordSet RPC requests. As it processes crafted NetLogon packets, it attempts to free an uninitialized pointer using TALLOC_FREE().
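The bug class described above, freeing a pointer that was never initialized, is shown below as an added example with hypothetical names; it is not Samba's code and does not use talloc. It assumes a helper that rejects a request before writing its out-parameter, and it simulates the stale stack value with a fixed address so that an instrumented free can count the invalid call deterministically.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for illustration; not Samba's types or functions. */
struct creds { int session_id; };

static struct creds stack_junk;  /* constructed: plays the stale stack contents */
static void *live;               /* the one heap allocation this demo tracks */
static int bad_frees;            /* frees of pointers that were never allocated */

/* Instrumented free: counts the call a real allocator would corrupt memory on. */
static void checked_free(void *p) {
    if (p == NULL) return;                    /* freeing NULL is a no-op */
    if (p != live) { bad_frees++; return; }   /* pointer never came from malloc */
    free(p);
    live = NULL;
}

/* Assumed helper: on a rejected request it returns early, leaving *out untouched. */
static int check_request(int valid, struct creds **out) {
    if (!valid) return -1;
    *out = malloc(sizeof **out);
    if (*out == NULL) return -1;
    live = *out;
    return 0;
}

/* Bug class: garbage local (simulated deterministically) freed on every path. */
int handle_unsafe(int valid) {
    struct creds *c = &stack_junk;
    int rc = check_request(valid, &c);
    checked_free(c);
    return rc;
}

/* Fix: initialise to NULL so the error path frees nothing. */
int handle_fixed(int valid) {
    struct creds *c = NULL;
    int rc = check_request(valid, &c);
    checked_free(c);
    return rc;
}

int main(void) {
    int fixed_rc = handle_fixed(0), unsafe_rc = handle_unsafe(0);
    printf("rc=%d/%d, invalid frees caught: %d\n", fixed_rc, unsafe_rc, bad_frees);
    return 0;
}
```

Compilers can flag the real pattern with `-Wuninitialized` / `-Wmaybe-uninitialized`, and initializing every pointer that is later released on a shared cleanup path removes it.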

Cyberoam Threat Research Labs is currently studying this vulnerability and shall announce a remedial solution shortly to help mitigate risks for Cyberoam users. Know more about Cyberoam network solutions at www.cyberoam.com and for similar security alerts subscribe to Cyberoam Blogs.

References:

https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
https://www.samba.org/samba/security/CVE-2015-0240
