{"id":"CVE-2015-0240","details":"The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.","modified":"2026-04-16T06:19:10.973911080Z","published":"2015-02-24T01:59:00Z","related":["SUSE-SU-2015:0353-1","SUSE-SU-2015:0371-1","SUSE-SU-2015:0386-1","openSUSE-SU-2024:10069-1"],"references":[{"type":"ADVISORY","url":"http://advisories.mageia.org/MGASA-2015-0084.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2015-0249.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2015-0250.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2015-0251.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2015-0252.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2015-0253.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2015-0254.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2015-0255.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2015-0256.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2015-0257.html"},{"type":"ADVISORY","url":"http://security.gentoo.org/glsa/glsa-201502-15.xml"},{"type":"ADVISORY","url":"http://www.debian.org/security/2015/dsa-3171"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:081"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:082"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2508-1"},{"type":"ADVISORY","url":"https://www.samba.org/samba/security/CVE-2015-0240"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20250509-0001/"},{"type":"EVIDENCE","url":"https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191325"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00028.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00030.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00035.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html"},{"type":"WEB","url":"http://marc.info/?l=bugtraq&m=142722696102151&w=2"},{"type":"WEB","url":"http://marc.info/?l=bugtraq&m=143039217203031&w=2"},{"type":"WEB","url":"http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/72711"},{"type":"WEB","url":"http://www.securitytracker.com/id/1031783"},{"type":"WEB","url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.360345"},{"type":"WEB","url":"https://access.redhat.com/articles/1346913"},{"type":"WEB","url":"https://support.lenovo.com/product_security/samba_remote_vuln"},{"type":"WEB","url":"https://support.lenovo.com/us/en/product_security/samba_remote_vuln"},{"type":"WEB","url":"https://www.exploit-db.com/exploits/36741/"}],"schema_version":"1.7.5"}