Vulnerability in the smbd file server daemon code, assigned CVE-2015-0240. All versions of Samba 3.5.0 or higher
Unexpected code execution in smbd.
Versions: Samba 3.5.0 to 4.2.0rc4
All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an unexpected code execution vulnerability in the smbd file server daemon. A malicious client could send packets that may set up the stack in such a way that the freeing of memory in a subsequent anonymous netlogon packet could allow execution of arbitrary code. This code would execute with root privileges.
The vulnerability is not easy to exploit, and we are not aware of public exploits. However, the attack can be implemented in many different ways, and the fact that authentication is not required makes it easy for attackers.
Implementing the protection requires coverage of multiple protocol stack configurations and multiple commands over SMB.
US-CERT recommends users and administrators refer to their respective Linux OS vendor(s) for an appropriate patch if affected. Patches are currently available from Debian (http://www.debian.org/security/2015/dsa-3171) and Red Hat (https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/). A Samba (https://www.samba.org/samba/history/security.html) patch is available for experienced users and administrators to implement.
To check your current version of Samba:
ps ax | grep smbd
smbstatus
========== Workaround ==========
On Samba versions 4.0.0 and above, add the line:

rpc_server:netlogon=disabled

to the [global] section of your smb.conf. For Samba versions 3.6.x and earlier, this workaround is not available.
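
A triage sketch for the version range and workaround described above, added here as an example (it is not from the advisory or the Samba project). The function names and verdict strings are assumptions; pass it the version string the host reports and the path to smb.conf. A version inside the range may already carry a vendor-backported fix, so an in-range verdict means the package's patch status still has to be confirmed with the vendor.

```shell
#!/bin/sh
# Added example: triage one host against the advisory's version range and workaround.

# Print a sortable integer for a Samba version string; rcN sorts below the final release.
version_key() {
    printf '%s\n' "$1" | awk '{
        sub(/^[^0-9]*/, "")                      # drop a prefix such as "Version "
        rc = 99                                  # final release outranks any rcN
        if (match($0, /rc[0-9]+/)) rc = substr($0, RSTART + 2, RLENGTH - 2) + 0
        split($0, p, /[^0-9]+/)                  # p[1]=major p[2]=minor p[3]=patch
        printf "%d%03d%03d%02d\n", p[1], p[2], p[3], rc
    }'
}

# Succeeds when VERSION lies in the range the advisory names: 3.5.0 to 4.2.0rc4.
in_affected_range() {
    k=$(version_key "$1")
    [ "$k" -ge "$(version_key 3.5.0)" ] && [ "$k" -le "$(version_key 4.2.0rc4)" ]
}

# Succeeds when the workaround line is effective in the [global] section of FILE.
netlogon_disabled() {
    awk -v key='rpc_server:netlogon=' '
        /^[ \t]*[#;]/ { next }                   # smb.conf comment lines
        /^[ \t]*\[/   { s = tolower($0); gsub(/[ \t]/, "", s)
                        in_global = (s == "[global]"); next }
        in_global     { line = tolower($0); gsub(/[ \t]/, "", line)
                        # assumption: case and blanks ignored, last assignment wins
                        if (index(line, key) == 1) state = substr(line, length(key) + 1) }
        END           { exit (state == "disabled" ? 0 : 1) }
    ' "$1"
}

# Print one verdict for VERSION and smb.conf path CONF (verdict names are hypothetical).
triage() {
    if ! in_affected_range "$1"; then echo "outside-advisory-range"
    elif [ "$(version_key "$1")" -lt "$(version_key 4.0.0)" ]; then echo "in-range-patch-only"
    elif netlogon_disabled "$2"; then echo "in-range-workaround-set"
    else echo "in-range-workaround-missing"
    fi
}

# Usage: sh triage.sh 4.1.6 /etc/samba/smb.conf   (path is an assumption)
if [ $# -eq 2 ]; then triage "$1" "$2"; fi
```

The "in-range-patch-only" verdict covers 3.5.x and 3.6.x, where the workaround is not available and only a vendor patch applies.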