The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.
All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable. The Samba project (https://www.samba.org/samba/history/) released versions 4.2.0rc5, 4.1.17, 4.0.25 and 3.6.25 to address the issue and also made code patches (https://www.samba.org/samba/history/security.html) available.
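The affected ranges above expressed as a version check, as an added example that is not part of the original advisory or of the Samba project's code. The function names and the sample version strings are constructed for illustration; the check compares upstream version numbers only, so a distribution package that backports the patch under an older version number is still reported as affected.

```python
import re

# A final release sorts after every release candidate of the same x.y.z.
FINAL = float("inf")

# First fixed release per branch, as named in the advisory: (patch, rc).
FIXED = {
    (3, 6): (25, FINAL),  # 3.6.25
    (4, 0): (25, FINAL),  # 4.0.25
    (4, 1): (17, FINAL),  # 4.1.17
    (4, 2): (0, 5),       # 4.2.0rc5
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?")


def parse_version(text):
    """Extract (major, minor, patch, rc) from a string such as
    'Version 4.1.16-Debian' or '4.2.0rc4'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Samba version found in {text!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    rc = int(m.group(4)) if m.group(4) else FINAL
    return major, minor, patch, rc


def is_affected(text):
    """True if the upstream version falls in the advisory's affected range
    (3.5.0 through 4.2.0rc4, excluding the fixed releases)."""
    major, minor, patch, rc = parse_version(text)
    branch = (major, minor)
    if branch == (3, 5):
        return True   # the advisory names no fixed 3.5.x release
    if branch not in FIXED:
        return False  # older than 3.5.0 or newer than the 4.2 branch
    return (patch, rc) < FIXED[branch]


if __name__ == "__main__":
    # Constructed sample inputs, not output captured from real hosts.
    for sample in ("Version 4.1.16-Debian", "Version 3.6.25", "4.2.0rc4", "4.2.0"):
        print(f"{sample:24} affected={is_affected(sample)}")
```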