Vulnerability Details : CVE-2015-0240
Public exploit exists!
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.
Vulnerability category: Execute code
Threat overview for CVE-2015-0240
Top open port discovered on systems with this issue: 53
IPs affected by CVE-2015-0240: 146,077
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2015-0240
Probability of exploitation activity in the next 30 days: 97.40%
Percentile, the proportion of vulnerabilities that are scored at or less: ~100%
Metasploit modules for CVE-2015-0240
-
Samba _netr_ServerPasswordSet Uninitialized Credential State
First seen: 2020-04-26
auxiliary/scanner/smb/smb_uninit_cred
This module checks if a Samba target is vulnerable to an uninitialized variable creds vulnerability.
Authors:
- Richard van Eeden
- sleepya
- sinn3r <sinn3r@metasploit.com>
CVSS scores for CVE-2015-0240
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
CWE ids for CVE-2015-0240
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-0240
-
http://rhn.redhat.com/errata/RHSA-2015-0250.html
RHSA-2015:0250 - Security Advisory - Red Hat Customer Portal
-
http://rhn.redhat.com/errata/RHSA-2015-0251.html
RHSA-2015:0251 - Security Advisory - Red Hat Customer Portal
-
http://marc.info/?l=bugtraq&m=142722696102151&w=2
'[security bulletin] HPSBGN03288 rev.1 - HP Server Automation, Remote Arbitrary Code Execution' - MARC
-
http://advisories.mageia.org/MGASA-2015-0084.html
Mageia Advisory: MGASA-2015-0084 - Updated samba packages fix CVE-2015-0240
-
http://rhn.redhat.com/errata/RHSA-2015-0255.html
RHSA-2015:0255 - Security Advisory - Red Hat Customer Portal
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
[security-announce] openSUSE-SU-2016:1064-1: important: Security update
-
http://www.securityfocus.com/bid/72711
Samba 'TALLOC_FREE()' Function Remote Code Execution Vulnerability
-
http://rhn.redhat.com/errata/RHSA-2015-0249.html
RHSA-2015:0249 - Security Advisory - Red Hat Customer Portal
-
https://support.lenovo.com/us/en/product_security/samba_remote_vuln
Samba Remote Code Execution Vulnerability - US
-
http://www.mandriva.com/security/advisories?name=MDVSA-2015:081
mandriva.com
-
http://www.mandriva.com/security/advisories?name=MDVSA-2015:082
mandriva.com
-
http://rhn.redhat.com/errata/RHSA-2015-0254.html
RHSA-2015:0254 - Security Advisory - Red Hat Customer Portal
-
http://www.securitytracker.com/id/1031783
Samba smbd Memory Free Error Lets Remote Users Execute Arbitrary Code with Root Privileges - SecurityTracker
-
https://www.exploit-db.com/exploits/36741/
Samba < 3.6.2 (x86) - Denial of Service (PoC) - Linux_x86 dos Exploit
-
http://rhn.redhat.com/errata/RHSA-2015-0256.html
RHSA-2015:0256 - Security Advisory - Red Hat Customer Portal
-
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00035.html
[security-announce] SUSE-SU-2015:0386-1: important: Security update for
-
http://rhn.redhat.com/errata/RHSA-2015-0257.html
RHSA-2015:0257 - Security Advisory - Red Hat Customer Portal
-
http://security.gentoo.org/glsa/glsa-201502-15.xml
Samba: Multiple vulnerabilities (GLSA 201502-15) — Gentoo security
-
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
Oracle Bulletin Board Update - January 2015
-
http://www.ubuntu.com/usn/USN-2508-1
USN-2508-1: Samba vulnerability | Ubuntu security notices
-
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.360345
The Slackware Linux Project: Slackware Security Advisories
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
[security-announce] openSUSE-SU-2016:1106-1: important: Security update
-
https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
Samba vulnerability (CVE-2015-0240) - Red Hat Customer Portal (Exploit)
-
https://support.lenovo.com/product_security/samba_remote_vuln
Samba Remote Code Execution Vulnerability - US
-
http://rhn.redhat.com/errata/RHSA-2015-0252.html
RHSA-2015:0252 - Security Advisory - Red Hat Customer Portal
-
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00028.html
[security-announce] SUSE-SU-2015:0353-1: important: Security update for
-
https://www.samba.org/samba/security/CVE-2015-0240
Samba - Security Announcement Archive (Vendor Advisory)
-
https://bugzilla.redhat.com/show_bug.cgi?id=1191325
1191325 – (CVE-2015-0240) CVE-2015-0240 samba: talloc free on uninitialized stack pointer in netlogon server could lead to remote-code execution
-
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00030.html
[security-announce] SUSE-SU-2015:0371-1: important: Security update for
-
http://www.debian.org/security/2015/dsa-3171
Debian -- Security Information -- DSA-3171-1 samba
-
http://rhn.redhat.com/errata/RHSA-2015-0253.html
RHSA-2015:0253 - Security Advisory - Red Hat Customer Portal
-
http://marc.info/?l=bugtraq&m=143039217203031&w=2
'[security bulletin] HPSBUX03320 SSRT101952 rev.1 - HP-UX CIFS Server (Samba), Remote Denial of Servi' - MARC
-
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html
[security-announce] openSUSE-SU-2015:0375-1: important: Security update
-
https://access.redhat.com/articles/1346913
Samba vulnerability (CVE-2015-0240) - Red Hat Customer Portal
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
[security-announce] openSUSE-SU-2016:1107-1: important: Security update
Products affected by CVE-2015-0240
- cpe:2.3:o:novell:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
- cpe:2.3:o:novell:suse_linux_enterprise_desktop:12:*:*:*:*:*:*:*
- cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.13:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.14:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.18:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.19:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.20:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.14:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.13:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.12:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.15:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.21:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.18:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.17:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.16:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.17:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.15:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.20:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.19:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.21:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.22:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.23:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.2.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.0.23:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.2.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.22:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.24:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.0.24:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*