{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2015-02-23T00:00:00.000Z","descriptions":[{"lang":"en","value":"The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2016-12-06T18:57:01.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"HPSBUX03320","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=143039217203031&w=2"},{"name":"RHSA-2015:0257","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2015-0257.html"},{"name":"RHSA-2015:0254","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2015-0254.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/"},{"tags":["x_refsource_CONFIRM"],"url":"http://advisories.mageia.org/MGASA-2015-0084.html"},{"name":"SSA:2015-064-01","tags":["vendor-advisory","x_refsource_SLACKWARE"],"url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.360345"},{"name":"36741","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/36741/"},{"name":"RHSA-2015:0250","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2015-0250.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://support.lenovo.com/product_security/samba_remote_vuln"},{"name":"SSRT101952","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=143039217203031&w=2"},{"name":"USN-2508-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-2508-1"},{"name":"openSUSE-SU-2016:1064","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html"},{"name":"SUSE-SU-2015:0386","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00035.html"},{"name":"RHSA-2015:0253","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2015-0253.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.samba.org/samba/security/CVE-2015-0240"},{"name":"72711","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/72711"},{"name":"RHSA-2015:0249","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2015-0249.html"},{"name":"RHSA-2015:0251","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2015-0251.html"},{"name":"GLSA-201502-15","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"http://security.gentoo.org/glsa/glsa-201502-15.xml"},{"name":"DSA-3171","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2015/dsa-3171"},{"name":"1031783","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1031783"},{"name":"RHSA-2015:0252","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2015-0252.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191325"},{"name":"MDVSA-2015:082","tags":["vendor-advisory","x_refsource_MANDRIVA"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:082"},{"name":"HPSBGN03288","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=142722696102151&w=2"},{"name":"openSUSE-SU-2016:1106","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://support.lenovo.com/us/en/product_security/samba_remote_vuln"},{"name":"MDVSA-2015:081","tags":["vendor-advisory","x_refsource_MANDRIVA"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:081"},{"name":"RHSA-2015:0255","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2015-0255.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://access.redhat.com/articles/1346913"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"},{"name":"openSUSE-SU-2016:1107","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html"},{"name":"openSUSE-SU-2015:0375","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html"},{"name":"RHSA-2015:0256","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2015-0256.html"},{"name":"SSRT101979","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=142722696102151&w=2"},{"name":"SUSE-SU-2015:0371","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00030.html"},{"name":"SUSE-SU-2015:0353","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00028.html"}]},"adp":[{"title":"CVE Program Container","references":[{"name":"HPSBUX03320","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=143039217203031&w=2"},{"name":"RHSA-2015:0257","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2015-0257.html"},{"name":"RHSA-2015:0254","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2015-0254.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://advisories.mageia.org/MGASA-2015-0084.html"},{"name":"SSA:2015-064-01","tags":["vendor-advisory","x_refsource_SLACKWARE","x_transferred"],"url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.360345"},{"name":"36741","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/36741/"},{"name":"RHSA-2015:0250","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2015-0250.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://support.lenovo.com/product_security/samba_remote_vuln"},{"name":"SSRT101952","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=143039217203031&w=2"},{"name":"USN-2508-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-2508-1"},{"name":"openSUSE-SU-2016:1064","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html"},{"name":"SUSE-SU-2015:0386","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00035.html"},{"name":"RHSA-2015:0253","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2015-0253.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.samba.org/samba/security/CVE-2015-0240"},{"name":"72711","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/72711"},{"name":"RHSA-2015:0249","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2015-0249.html"},{"name":"RHSA-2015:0251","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2015-0251.html"},{"name":"GLSA-201502-15","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"http://security.gentoo.org/glsa/glsa-201502-15.xml"},{"name":"DSA-3171","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2015/dsa-3171"},{"name":"1031783","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1031783"},{"name":"RHSA-2015:0252","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2015-0252.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191325"},{"name":"MDVSA-2015:082","tags":["vendor-advisory","x_refsource_MANDRIVA","x_transferred"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:082"},{"name":"HPSBGN03288","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=142722696102151&w=2"},{"name":"openSUSE-SU-2016:1106","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://support.lenovo.com/us/en/product_security/samba_remote_vuln"},{"name":"MDVSA-2015:081","tags":["vendor-advisory","x_refsource_MANDRIVA","x_transferred"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:081"},{"name":"RHSA-2015:0255","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2015-0255.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://access.redhat.com/articles/1346913"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"},{"name":"openSUSE-SU-2016:1107","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html"},{"name":"openSUSE-SU-2015:0375","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html"},{"name":"RHSA-2015:0256","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2015-0256.html"},{"name":"SSRT101979","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=142722696102151&w=2"},{"name":"SUSE-SU-2015:0371","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00030.html"},{"name":"SUSE-SU-2015:0353","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00028.html"},{"url":"https://security.netapp.com/advisory/ntap-20250509-0001/"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-05-09T20:03:27.070Z"}}]},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2015-0240","datePublished":"2015-02-24T01:00:00.000Z","dateReserved":"2014-11-18T00:00:00.000Z","dateUpdated":"2025-05-09T20:03:27.070Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}