CVE-2015-0240

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2015-0240

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2015-0240.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2015-0240

Downstream

DEBIAN-CVE-2015-0240

DLA-156-1

DSA-3171-1

RHSA-2015:0249

RHSA-2015:0250

RHSA-2015:0251

RHSA-2015:0252

RHSA-2015:0253

RHSA-2015:0254

RHSA-2015:0255

RHSA-2015:0256

RHSA-2015:0257

SUSE-SU-2015:0353-1

SUSE-SU-2015:0371-1

SUSE-SU-2015:0386-1

UBUNTU-CVE-2015-0240

USN-2508-1

openSUSE-SU-2024:10069-1

Related

Published

2015-02-24T01:59:00Z

Modified

2025-08-09T20:01:27Z

Summary

[none]

Details

The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the netrServerPasswordSet function in rpcserver/netlogon/srvnetlog_nt.c.

References

Affected packages