Bug 1191325 (CVE-2015-0240)
| Summary: | CVE-2015-0240 samba: talloc free on uninitialized stack pointer in netlogon server could lead to remote-code execution | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Huzaifa S. Sidhpurwala <huzaifas> | ||||
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
| Status: | CLOSED ERRATA | QA Contact: | |||||
| Severity: | urgent | Docs Contact: | |||||
| Priority: | urgent | ||||||
| Version: | unspecified | CC: | aavati, asn, bressers, dsafford, fweimer, gdeschner, herrmann, ira, jarrpa, madam, nlevinki, pgurusid, rcyriac, rfortier, rhack, rjoseph, rkratky, rlowe, rmonk, sbhaloth, sbose, sdenham, security-response-team, smohan, snagar, ssaha, vagarwal, vbellur, wmealing | ||||
| Target Milestone: | --- | Keywords: | Security | ||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: |
An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user).
|
Story Points: | --- | ||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2015-02-24 07:30:07 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 1191338, 1191339, 1191340, 1191341, 1191343, 1191344, 1191387, 1191388, 1191608, 1191879, 1191880, 1191881, 1191882, 1191883, 1191884, 1191885, 1191886, 1194132 | ||||||
| Bug Blocks: | 1191352 | ||||||
| Attachments: |
|
||||||
|
Description
Huzaifa S. Sidhpurwala
2015-02-11 05:02:33 UTC
Created attachment 990468 [details]
Upstream patch against git-master
Acknowledgements: Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue. Statement: This issue does not affect the version of samba package as shipped with Red Hat Enterprise Linux 4 and 5. It does affect the version of samba as shipped with Red Hat Enterprise Linux 6 and 7, as well as the version of samba3x shipped with Red Hat Enterprise Linux 5 and the version of samba4 as shipped with Red Hat Enterprise Linux 6. Red Hat Product Security has determined that this vulnerability has Important impact on Red Hat Enterprise Linux 7 because the Samba version shipped in this version of the operating system only executes the vulnerable code after a memory allocation failure, making it more difficult to exploit this flaw. Mitigation: On Samba versions 4.0.0 and above, add the line: rpc_server:netlogon=disabled to the [global] section of your smb.conf. For Samba versions 3.6.x and earlier, this workaround is not available. External References: https://www.samba.org/samba/security/CVE-2015-0240 https://access.redhat.com/articles/1346913 https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/ This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2015:0251 https://rhn.redhat.com/errata/RHSA-2015-0251.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2015:0250 https://rhn.redhat.com/errata/RHSA-2015-0250.html This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2015:0249 https://rhn.redhat.com/errata/RHSA-2015-0249.html This issue has been addressed in the following products: Red Hat Enterprise Linux 5.6 Long Life Red Hat Enterprise Linux 5.9 EUS - Server Only Via RHSA-2015:0253 https://rhn.redhat.com/errata/RHSA-2015-0253.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6.4 EUS - Server and Compute Node Only Red Hat Enterprise Linux 6.5 EUS - Server and Compute Node Only Via RHSA-2015:0255 https://rhn.redhat.com/errata/RHSA-2015-0255.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6.2 AUS Red Hat Enterprise Linux 6.4 EUS - Server and Compute Node Only Red Hat Enterprise Linux 6.5 EUS - Server and Compute Node Only Via RHSA-2015:0254 https://rhn.redhat.com/errata/RHSA-2015-0254.html This issue has been addressed in the following products: Red Hat Storage 2.1 Via RHSA-2015:0257 https://rhn.redhat.com/errata/RHSA-2015-0257.html This issue has been addressed in the following products: Red Hat Storage 3 for RHEL 6 Via RHSA-2015:0256 https://rhn.redhat.com/errata/RHSA-2015-0256.html This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:0252 https://rhn.redhat.com/errata/RHSA-2015-0252.html This issue has been addressed in Fedora 20 and Fedora 21 via the following security advisories: https://admin.fedoraproject.org/updates/samba-4.1.17-1.fc20 https://admin.fedoraproject.org/updates/samba-4.1.17-1.fc21 |