HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2015-0240

CVSS 10.0v2.0pub. 2015-02-24upd. 2026-05-06

The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.

CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Canonical Ubuntu

    OS
    Canonical
    12.0414.0414.10
  • Novell SUSE Linux Enterprise Desktop

    OS
    Novell
    12
  • Novell SUSE Linux Enterprise Server

    OS
    Novell
    12
  • Novell SUSE Linux Enterprise Software Development Kit

    OS
    Novell
    12
  • Red Hat Enterprise Linux

    OS
    Redhat
    56.07.0
  • Samba

    APP
    Samba
    3.5.03.5.13.5.103.5.113.5.123.5.133.5.143.5.153.5.163.5.173.5.183.5.193.5.23.5.203.5.21+ 69 więcej
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2022-0543CRITICAL10.0⚠ KEVten sam produkt

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debia...

CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2020-11651CRITICAL9.8⚠ KEVten sam produkt

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process Clea...

CVE-2020-7247CRITICAL9.8⚠ KEVten sam produkt

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote att...