CVE-2015-0240: Samba TALLOC_FREE vulnerability

CVE ID

CVE-2015-0240

DESCRIPTION

An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user).

Unitrends risk assessment: Severity High

The samba service is running by default on Unitrends servers and the security update needs to be applied.

RESOLUTION

Fixed in:

  • samba3x-3.6.23-9.el5_11 for CentOS5

  • samba-3.6.23-14.el6_6 for CentOS6

To update to the fixed version of samba, obtain the EAPP-601 security update from Unitrends support.

LINK TO ADVISORIES

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us