Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2015-0240 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Suse Linux Enterprise Server
Severity
10.0 CRITICAL (NVD)
EPSS
89.7%
top 0.43%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Feb 24
Latest update: May 14
Description
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.
CVSS vector
AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0
Affected Packages: 5 packages
Also affects: Ubuntu Linux 12.04, 14.04, 14.10, Enterprise Linux 5, 6.0, 7.0
Vulnerability Details: 3
Exploits & PoCs: 1
Vendor Advisories: 3
Community: 1
Bugzilla: CVE-2015-0240 samba: talloc free on uninitialized stack pointer in netlogon server could lead to remote-code execution (2015-02-11)