CVE-2015-0240
Samba < 3.6.2 (x86) - Denial of Service (PoC)
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.
La implentación del servidor Netlogon en smbd en Samba 3.5.x y 3.6.x anterior a 3.6.25, 4.0.x anterior a 4.0.25, 4.1.x anterior a 4.1.17, y 4.2.x anterior a 4.2.0rc5 realiza una operación libre sobre un puntero de pila no inicializado, lo que permite a atacantes remotos ejecutar código arbitrario a través de paquetes Netlogon manipulados que utilizan la API RPC ServerPasswordSet, tal y como fue demostrado mediante paquetes alcanzando la función _netr_ServerPasswordSet en rpc_server/netlogon/srv_netlog_nt.c.
An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user).
In Samba before 3.6.23, the SAMR server neglects to ensure that attempted password changes will update the bad password count, and does not set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. This is available without any other authentication. Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled. Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a denial of service on the nmbd NetBIOS name services daemon. A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS ame service. Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected by a denial of service crash involving overwriting memory on an authenticated connection to the smbd file server. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-11-18 CVE Reserved
- 2015-02-23 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-17: DEPRECATED: Code
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (40)
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/180975 | 2024-09-01 | |
| https://www.exploit-db.com/exploits/36741 | 2024-08-06 | |
| https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240 | 2024-08-06 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 5 Search vendor "Redhat" for product "Enterprise Linux" and version "5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 6.0 Search vendor "Redhat" for product "Enterprise Linux" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.5.0 Search vendor "Samba" for product "Samba" and version "3.5.0" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.5.1 Search vendor "Samba" for product "Samba" and version "3.5.1" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.5.2 Search vendor "Samba" for product "Samba" and version "3.5.2" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.5.3 Search vendor "Samba" for product "Samba" and version "3.5.3" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.5.4 Search vendor "Samba" for product "Samba" and version "3.5.4" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.5.5 Search vendor "Samba" for product "Samba" and version "3.5.5" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.5.6 Search vendor "Samba" for product "Samba" and version "3.5.6" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.5.7 Search vendor "Samba" for product "Samba" and version "3.5.7" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.5.8 Search vendor "Samba" for product "Samba" and version "3.5.8" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.5.9 Search vendor "Samba" for product "Samba" and version "3.5.9" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.5.10 Search vendor "Samba" for product "Samba" and version "3.5.10" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.5.11 Search vendor "Samba" for product "Samba" and version "3.5.11" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.5.12 Search vendor "Samba" for product "Samba" and version "3.5.12" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.5.13 Search vendor "Samba" for product "Samba" and version "3.5.13" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.5.14 Search vendor "Samba" for product "Samba" and version "3.5.14" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.5.15 Search vendor "Samba" for product "Samba" and version "3.5.15" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.5.16 Search vendor "Samba" for product "Samba" and version "3.5.16" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.5.17 Search vendor "Samba" for product "Samba" and version "3.5.17" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.5.18 Search vendor "Samba" for product "Samba" and version "3.5.18" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.5.19 Search vendor "Samba" for product "Samba" and version "3.5.19" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.5.20 Search vendor "Samba" for product "Samba" and version "3.5.20" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.5.21 Search vendor "Samba" for product "Samba" and version "3.5.21" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.5.22 Search vendor "Samba" for product "Samba" and version "3.5.22" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.0 Search vendor "Samba" for product "Samba" and version "3.6.0" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.1 Search vendor "Samba" for product "Samba" and version "3.6.1" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.2 Search vendor "Samba" for product "Samba" and version "3.6.2" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.10 Search vendor "Samba" for product "Samba" and version "3.6.10" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.11 Search vendor "Samba" for product "Samba" and version "3.6.11" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.12 Search vendor "Samba" for product "Samba" and version "3.6.12" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.13 Search vendor "Samba" for product "Samba" and version "3.6.13" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.14 Search vendor "Samba" for product "Samba" and version "3.6.14" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.15 Search vendor "Samba" for product "Samba" and version "3.6.15" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.16 Search vendor "Samba" for product "Samba" and version "3.6.16" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.17 Search vendor "Samba" for product "Samba" and version "3.6.17" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.18 Search vendor "Samba" for product "Samba" and version "3.6.18" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.19 Search vendor "Samba" for product "Samba" and version "3.6.19" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.20 Search vendor "Samba" for product "Samba" and version "3.6.20" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.21 Search vendor "Samba" for product "Samba" and version "3.6.21" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.22 Search vendor "Samba" for product "Samba" and version "3.6.22" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.23 Search vendor "Samba" for product "Samba" and version "3.6.23" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.24 Search vendor "Samba" for product "Samba" and version "3.6.24" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.0 Search vendor "Samba" for product "Samba" and version "4.0.0" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.1 Search vendor "Samba" for product "Samba" and version "4.0.1" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.2 Search vendor "Samba" for product "Samba" and version "4.0.2" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.3 Search vendor "Samba" for product "Samba" and version "4.0.3" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.4 Search vendor "Samba" for product "Samba" and version "4.0.4" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.5 Search vendor "Samba" for product "Samba" and version "4.0.5" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.6 Search vendor "Samba" for product "Samba" and version "4.0.6" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.7 Search vendor "Samba" for product "Samba" and version "4.0.7" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.8 Search vendor "Samba" for product "Samba" and version "4.0.8" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.9 Search vendor "Samba" for product "Samba" and version "4.0.9" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.10 Search vendor "Samba" for product "Samba" and version "4.0.10" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.11 Search vendor "Samba" for product "Samba" and version "4.0.11" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.12 Search vendor "Samba" for product "Samba" and version "4.0.12" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.13 Search vendor "Samba" for product "Samba" and version "4.0.13" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.14 Search vendor "Samba" for product "Samba" and version "4.0.14" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.15 Search vendor "Samba" for product "Samba" and version "4.0.15" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.16 Search vendor "Samba" for product "Samba" and version "4.0.16" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.17 Search vendor "Samba" for product "Samba" and version "4.0.17" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.18 Search vendor "Samba" for product "Samba" and version "4.0.18" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.19 Search vendor "Samba" for product "Samba" and version "4.0.19" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.20 Search vendor "Samba" for product "Samba" and version "4.0.20" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.21 Search vendor "Samba" for product "Samba" and version "4.0.21" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.22 Search vendor "Samba" for product "Samba" and version "4.0.22" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.23 Search vendor "Samba" for product "Samba" and version "4.0.23" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.24 Search vendor "Samba" for product "Samba" and version "4.0.24" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.1.0 Search vendor "Samba" for product "Samba" and version "4.1.0" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.1.1 Search vendor "Samba" for product "Samba" and version "4.1.1" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.1.2 Search vendor "Samba" for product "Samba" and version "4.1.2" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.1.3 Search vendor "Samba" for product "Samba" and version "4.1.3" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.1.4 Search vendor "Samba" for product "Samba" and version "4.1.4" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.1.5 Search vendor "Samba" for product "Samba" and version "4.1.5" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.1.6 Search vendor "Samba" for product "Samba" and version "4.1.6" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.1.7 Search vendor "Samba" for product "Samba" and version "4.1.7" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.1.8 Search vendor "Samba" for product "Samba" and version "4.1.8" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.1.9 Search vendor "Samba" for product "Samba" and version "4.1.9" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.1.10 Search vendor "Samba" for product "Samba" and version "4.1.10" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.1.11 Search vendor "Samba" for product "Samba" and version "4.1.11" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.1.12 Search vendor "Samba" for product "Samba" and version "4.1.12" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.1.13 Search vendor "Samba" for product "Samba" and version "4.1.13" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.1.14 Search vendor "Samba" for product "Samba" and version "4.1.14" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.1.15 Search vendor "Samba" for product "Samba" and version "4.1.15" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.1.16 Search vendor "Samba" for product "Samba" and version "4.1.16" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.2.0 Search vendor "Samba" for product "Samba" and version "4.2.0" | rc1 |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.2.0 Search vendor "Samba" for product "Samba" and version "4.2.0" | rc2 |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.2.0 Search vendor "Samba" for product "Samba" and version "4.2.0" | rc3 |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.2.0 Search vendor "Samba" for product "Samba" and version "4.2.0" | rc4 |
Affected
| ||||||
| Novell Search vendor "Novell" | Suse Linux Enterprise Desktop Search vendor "Novell" for product "Suse Linux Enterprise Desktop" | 12 Search vendor "Novell" for product "Suse Linux Enterprise Desktop" and version "12" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Suse Linux Enterprise Server Search vendor "Novell" for product "Suse Linux Enterprise Server" | 12 Search vendor "Novell" for product "Suse Linux Enterprise Server" and version "12" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Suse Linux Enterprise Software Development Kit Search vendor "Novell" for product "Suse Linux Enterprise Software Development Kit" | 12 Search vendor "Novell" for product "Suse Linux Enterprise Software Development Kit" and version "12" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.10" | - |
Affected
| ||||||