
VERT Threat Alert: Samba Remote Code Execution

2015-02-24 18:25

Vulnerability Description

All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an unexpected code execution vulnerability in the smbd file server daemon.

 

Exposure & Impact

A malicious client could send packets that may set up the stack in such a way that the freeing of memory in a subsequent anonymous netlogon packet could allow execution of arbitrary code. This code would execute with root privileges.
CVE-2015-0240
CVSS – 7.9

 

Remediation & Mitigation

VERT suggests that users install patches that are being released by the various distributions today.

 

Detection

The February 25th ASPL package will include coverage for CVE-2015-0240 on RHEL, CentOS, Ubuntu, Debian, and OEL.

 

References

https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/

https://www.samba.org/samba/security/CVE-2015-0240

https://access.redhat.com/security/cve/CVE-2015-0240


Source: feedproxy.google.com/~r/tripwire-state-of-security/~3/eaON3NuC_08/
