CVE-2015-0005
published 2015-03-11CVE-2015-0005: The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is…
PriorityP432medium4.3CVSS 2.0
AVAACMAuNCPIPAN
EPSS
18.17%
96.8th percentile
The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, aka "NETLOGON Spoofing Vulnerability."
Affected
232 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | samba | < samba 2:4.3.7+dfsg-1 (bookworm) | samba 2:4.3.7+dfsg-1 (bookworm) |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:A/AC:M/Au:N/C:P/I:P/A:N
osv4.3MEDIUM
vendor_redhat5.5MEDIUM
vendor_debian4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
kernel: platform/x86: x86-android-tablets: Unregister devices in reverse order
vendor_redhat·2024-07-12·CVSS 5.5
CVE-2024-40975 [MEDIUM] CWE-911 kernel: platform/x86: x86-android-tablets: Unregister devices in reverse order
kernel: platform/x86: x86-android-tablets: Unregister devices in reverse order
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: x86-android-tablets: Unregister devices in reverse order
Not all subsystems support a device getting removed while there are
still consumers of the device with a reference to the device.
One example of this is the regulator subsystem. If a regulator gets
unregistered while there are still drivers holding a reference
a WARN() at drivers/regulator/core.c:5829 triggers, e.g.:
WARNING: CPU: 1 PID: 1587 at drivers/regulator/core.c:5829 regulator_unregister
Hardware name: Intel Corp. VALLEYVIEW C0 PLATFORM/BYT-T FFD8, BIOS BLADE_21.X64.0005.R00.1504101516 FFD8_X64_R_2015_04_10_1516 04/10/2015
RIP: 0010:regulator_unregister
Call Trace:
Red Hat
samba: Spoofing vulnerability when domain controller is configured
vendor_redhat·2016-04-12·CVSS 4.3
CVE-2016-2111 [MEDIUM] CWE-290 samba: Spoofing vulnerability when domain controller is configured
samba: Spoofing vulnerability when domain controller is configured
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.
It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine.
Package: samba (Red Hat Enterprise Linux Extended Upd
Debian
CVE-2016-2111: samba - The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and...
vendor_debian·2016·CVSS 4.3
CVE-2016-2111 [MEDIUM] CVE-2016-2111: samba - The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and...
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.
Scope: local
bookworm: resolved (fixed in 2:4.3.7+dfsg-1)
bullseye: resolved (fixed in 2:4.3.7+dfsg-1)
forky: resolved (fixed in 2:4.3.7+dfsg-1)
sid: resolved (fixed in 2:4.3.7+dfsg-1)
trixie: resolved (fixed in 2:4.3.7+dfsg-1)
GHSA
GHSA-x65g-mfcj-xhc5: The NETLOGON service in Samba 3
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2016-2111 [MEDIUM] GHSA-x65g-mfcj-xhc5: The NETLOGON service in Samba 3
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.
GHSA
GHSA-x38p-wh5w-wmgx: The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Cont
ghsa_unreviewed·2022-05-14
CVE-2015-0005 [MEDIUM] GHSA-x38p-wh5w-wmgx: The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Cont
The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, aka "NETLOGON Spoofing Vulnerability."
OSV
CVE-2016-2111: The NETLOGON service in Samba 3
osv·2016-04-25·CVSS 4.3
CVE-2016-2111 [MEDIUM] CVE-2016-2111: The NETLOGON service in Samba 3
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday for March 2015: 14 Bulletins Released; FREAK
Patched
blogs_talos·2015-03-10·CVSS 9.3
[CRITICAL] Microsoft Patch Tuesday for March 2015: 14 Bulletins Released; FREAK
Patched
## Microsoft Patch Tuesday for March 2015: 14 Bulletins Released; FREAK
Patched
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 14 bulletins being released which address 45 CVEs. The first 5 bulletins are rated critical and address vulnerabilities within Internet Explorer, Office, Windows, and VBScript. The remaining 9 bulletins are rated important and cover vulnerabilities within Windows Kernel Mode Drivers, Exchange, Task Scheduler, Remote Desktop, SChannel, and the Microsoft Graphics component.
## Bulletins Rated Critical MS15-018, MS15-019, MS15-020, MS15-021, and MS15-022 are rated Critical.
MS15-018 addresses multiple vulnerabilities within Internet Explor
Talos
Microsoft Patch Tuesday for March 2015: 14 Bulletins Released; FREAK
Patched
blogs_talos·2015-03-10·CVSS 9.3
[CRITICAL] Microsoft Patch Tuesday for March 2015: 14 Bulletins Released; FREAK
Patched
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 14 bulletins being released which address 45 CVEs. The first 5 bulletins are rated critical and address vulnerabilities within Internet Explorer, Office, Windows, and VBScript. The remaining 9 bulletins are rated important and cover vulnerabilities within Windows Kernel Mode Drivers, Exchange, Task Scheduler, Remote Desktop, SChannel, and the Microsoft Graphics component.
### Bulletins Rated CriticalMS15-018, MS15-019, MS15-020, MS15-021, and MS15-022 are rated Critical.
MS15-018 addresses multiple vulnerabilities within Internet Explorer, versions 6 through 11. 12 CVEs were resolved this month, including CVE-2015-0
Bugzilla
CVE-2016-2111 samba: Spoofing vulnerability when domain controller is configured
bugzilla·2016-02-25·CVSS 4.3
CVE-2016-2111 [MEDIUM] CVE-2016-2111 samba: Spoofing vulnerability when domain controller is configured
CVE-2016-2111 samba: Spoofing vulnerability when domain controller is configured
An authentication flaw was found in Samba. When Samba is configured to act as a Domain Controller, it allows remote attackers to spoof the computer name of a secure channel's endpoints. The attacker could exploit this flaw to obtain sensitive session information by running a crafted application and leveraging the ability to sniff network traffic.
This flaw only affects Samba running as a classic primary domain controller, classic backup domain controller, or Active Directory domain controller. Note: This flaw is referred to as CVE-2015-0005 for Microsoft Windows Server.
Discussion:
Acknowledgements:
Name: the Samba project
---
External Reference:
https://access.redhat.com/articles/2243351
---
Public
http://packetstormsecurity.com/files/130773/Windows-Pass-Through-Authentication-Methods-Improper-Validation.htmlhttp://seclists.org/fulldisclosure/2015/Mar/60http://www.coresecurity.com/advisories/windows-pass-through-authentication-methods-improper-validationhttp://www.securitytracker.com/id/1031891https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-027https://www.samba.org/samba/history/samba-4.2.10.htmlhttp://packetstormsecurity.com/files/130773/Windows-Pass-Through-Authentication-Methods-Improper-Validation.htmlhttp://seclists.org/fulldisclosure/2015/Mar/60http://www.coresecurity.com/advisories/windows-pass-through-authentication-methods-improper-validationhttp://www.securitytracker.com/id/1031891https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-027https://www.samba.org/samba/history/samba-4.2.10.html
2015-03-11
Published