As per upstream samba advisory: All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an unexpected code execution vulnerability in the smbd file server daemon. A malicious client could send packets that may set up the stack in such a way that the freeing of memory in a subsequent anonymous netlogon packet could allow execution of arbitrary code. This code would execute with root privileges.
Created attachment 990468: Upstream patch against git-master
Acknowledgements: Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue.
Statement: This issue does not affect the version of the samba package as shipped with Red Hat Enterprise Linux 4 and 5. It does affect the version of samba as shipped with Red Hat Enterprise Linux 6 and 7, as well as the version of samba3x shipped with Red Hat Enterprise Linux 5 and the version of samba4 as shipped with Red Hat Enterprise Linux 6. Red Hat Product Security has determined that this vulnerability has Important impact on Red Hat Enterprise Linux 7 because the Samba version shipped in this version of the operating system only executes the vulnerable code after a memory allocation failure, making it more difficult to exploit this flaw.
Mitigation: On Samba versions 4.0.0 and above, add the following line to the [global] section of your smb.conf:

    rpc_server:netlogon=disabled

For Samba versions 3.6.x and earlier, this workaround is not available.
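An added example, not part of the advisory or of Samba itself: a small audit check that reports whether the workaround above is present in the [global] section of an smb.conf and whether it is available for the installed version. The sample configs, version tuples and function names are constructed for illustration, and the parser is simplified (it does not handle backslash line continuations or include directives).

```python
import re

# Constructed sample configs (not from the advisory).
SAMPLE_MITIGATED = """\
[global]
    workgroup = EXAMPLE
    ; workaround for CVE-2015-0240
    rpc_server:netlogon = disabled

[share]
    path = /srv/share
"""
SAMPLE_WRONG_SECTION = """\
[global]
    workgroup = EXAMPLE
    # rpc_server:netlogon = disabled

[share]
    rpc_server:netlogon = disabled
"""


def global_params(conf_text):
    """Return the parameters of the [global] section as a dict (last value wins)."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[key.strip().lower()] = value.strip().lower()
    return params


def netlogon_workaround(conf_text, samba_version):
    """Classify a host: 'applied', 'missing', or 'unavailable' (Samba < 4.0.0)."""
    if tuple(samba_version) < (4, 0, 0):
        return "unavailable"  # per the advisory: no workaround for 3.6.x and earlier
    value = global_params(conf_text).get("rpc_server:netlogon")
    return "applied" if value == "disabled" else "missing"


if __name__ == "__main__":
    print(netlogon_workaround(SAMPLE_MITIGATED, (4, 1, 16)))
```

A setting that is commented out or placed in a share section is reported as missing, which is the common way this workaround is silently not in effect.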
External References:
https://www.samba.org/samba/security/CVE-2015-0240
https://access.redhat.com/articles/1346913
https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2015:0251 https://rhn.redhat.com/errata/RHSA-2015-0251.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2015:0250 https://rhn.redhat.com/errata/RHSA-2015-0250.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2015:0249 https://rhn.redhat.com/errata/RHSA-2015-0249.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 5.6 Long Life Red Hat Enterprise Linux 5.9 EUS - Server Only Via RHSA-2015:0253 https://rhn.redhat.com/errata/RHSA-2015-0253.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.4 EUS - Server and Compute Node Only Red Hat Enterprise Linux 6.5 EUS - Server and Compute Node Only Via RHSA-2015:0255 https://rhn.redhat.com/errata/RHSA-2015-0255.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.2 AUS Red Hat Enterprise Linux 6.4 EUS - Server and Compute Node Only Red Hat Enterprise Linux 6.5 EUS - Server and Compute Node Only Via RHSA-2015:0254 https://rhn.redhat.com/errata/RHSA-2015-0254.html
This issue has been addressed in the following products: Red Hat Storage 2.1 Via RHSA-2015:0257 https://rhn.redhat.com/errata/RHSA-2015-0257.html
This issue has been addressed in the following products: Red Hat Storage 3 for RHEL 6 Via RHSA-2015:0256 https://rhn.redhat.com/errata/RHSA-2015-0256.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:0252 https://rhn.redhat.com/errata/RHSA-2015-0252.html
This issue has been addressed in Fedora 20 and Fedora 21 via the following security advisories: https://admin.fedoraproject.org/updates/samba-4.1.17-1.fc20 https://admin.fedoraproject.org/updates/samba-4.1.17-1.fc21