Unrated severity · NVD Advisory · Published Feb 24, 2015 · Updated May 6, 2026
CVE-2015-0240
Description
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.
Affected products
osv-coords (5 versions):
- pkg:rpm/opensuse/samba&distro=openSUSE%20Tumbleweed
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012

- (no CPE) range: < 4.5.0-1.1
- (no CPE) range: < 4.1.12-16.1
- (no CPE) range: < 4.1.12-16.1
- (no CPE) range: < 4.1.12-16.1
- (no CPE) range: < 4.1.12-16.1
References
- securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/ (nvd, Exploit)
- www.samba.org/samba/security/CVE-2015-0240 (nvd, Vendor Advisory)
- advisories.mageia.org/MGASA-2015-0084.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2015-02/msg00028.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2015-02/msg00030.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2015-02/msg00035.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html (nvd)
- marc.info (nvd)
- marc.info (nvd)
- rhn.redhat.com/errata/RHSA-2015-0249.html (nvd)
- rhn.redhat.com/errata/RHSA-2015-0250.html (nvd)
- rhn.redhat.com/errata/RHSA-2015-0251.html (nvd)
- rhn.redhat.com/errata/RHSA-2015-0252.html (nvd)
- rhn.redhat.com/errata/RHSA-2015-0253.html (nvd)
- rhn.redhat.com/errata/RHSA-2015-0254.html (nvd)
- rhn.redhat.com/errata/RHSA-2015-0255.html (nvd)
- rhn.redhat.com/errata/RHSA-2015-0256.html (nvd)
- rhn.redhat.com/errata/RHSA-2015-0257.html (nvd)
- security.gentoo.org/glsa/glsa-201502-15.xml (nvd)
- www.debian.org/security/2015/dsa-3171 (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html (nvd)
- www.securityfocus.com/bid/72711 (nvd)
- www.securitytracker.com/id/1031783 (nvd)
- www.slackware.com/security/viewer.php (nvd)
- www.ubuntu.com/usn/USN-2508-1 (nvd)
- access.redhat.com/articles/1346913 (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)
- security.netapp.com/advisory/ntap-20250509-0001/ (nvd)
- support.lenovo.com/product_security/samba_remote_vuln (nvd)
- support.lenovo.com/us/en/product_security/samba_remote_vuln (nvd)
- www.exploit-db.com/exploits/36741/ (nvd)