===========================================================
== Subject:     Unexpected code execution in smbd.
==
== CVE ID#:     CVE-2015-0240
==
== Versions:    Samba 3.5.0 to 4.2.0rc4
==
== Summary:     Unauthenticated code execution attack on
==              smbd file services.
==
===========================================================

===========
Description
===========

All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an
unexpected code execution vulnerability in the smbd file server
daemon.

A malicious client could send packets that may set up the stack in
such a way that the freeing of memory in a subsequent anonymous
netlogon packet could allow execution of arbitrary code. This code
would execute with root privileges.

==================
Patch Availability
==================

A patch addressing this defect has been posted to

  http://www.samba.org/samba/security/

Additionally, Samba 4.2.0rc5, 4.1.17, 4.0.25 and 3.6.25 have been
issued as security releases to correct the defect. Patches against
older Samba versions are available at http://samba.org/samba/patches/.
Samba vendors and administrators running affected versions are
advised to upgrade or apply the patch as soon as possible.

==========
Workaround
==========

On Samba versions 4.0.0 and above, add the line:

rpc_server:netlogon=disabled

to the [global] section of your smb.conf. For Samba versions 3.6.x and
earlier, this workaround is not available.

=======
Credits
=======

This problem was found by Richard van Eeden of Microsoft Vulnerability
Research, who also provided the fix.
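
The version range, fixed releases and workaround above can be checked on a host with the following added example, which is not part of the original advisory or of Samba. The function names and the sample smb.conf are constructed for illustration; it assumes an upstream version string (a vendor package with a backported patch will still report an old version) and a single smb.conf without include files or line continuations.

```python
import re

# Fixed releases named in the advisory, keyed by release branch.
FIXED = {(3, 6): (3, 6, 25), (4, 0): (4, 0, 25), (4, 1): (4, 1, 17)}

def parse_version(text):
    """Parse 'X.Y.Z' or 'X.Y.ZrcN' into (major, minor, patch, rc_or_None)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Samba version: {text!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    return major, minor, patch, int(m.group(4)) if m.group(4) else None

def is_affected(version):
    """True if version lies in the advisory's range 3.5.0 to 4.2.0rc4."""
    major, minor, patch, rc = parse_version(version)
    base = (major, minor, patch)
    if (major, minor) == (4, 2):          # only 4.2.0rc1..rc4 are affected
        return base == (4, 2, 0) and rc is not None and rc <= 4
    if base < (3, 5, 0) or base > (4, 2, 0):
        return False
    fixed = FIXED.get((major, minor))     # 3.5.x has no fixed release listed
    return fixed is None or base < fixed

def netlogon_disabled(conf_text):
    """True if [global] sets rpc_server:netlogon to disabled (last one wins)."""
    section, value = None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, val = line.split("=", 1)
            if key.strip().lower() == "rpc_server:netlogon":
                value = val.strip().lower()
    return value == "disabled"

def assess(version, conf_text):
    """Combine version range and workaround state into one finding."""
    if not is_affected(version):
        return "not affected"
    if parse_version(version)[:3] < (4, 0, 0):   # workaround needs 4.0.0+
        return "affected: no workaround, upgrade or patch"
    if netlogon_disabled(conf_text):
        return "affected: workaround applied"
    return "affected: workaround missing"

# Constructed sample smb.conf, not taken from any real host.
SAMPLE_CONF = "[global]\n  rpc_server:netlogon = disabled\n[share]\n  path = /srv\n"
```

The version to pass in is the one smbd reports with `smbd -V`; the workaround only limits exposure, so an "affected" result still calls for the upgrade or patch.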