Educause Security Discussion mailing list archives
Samba unauthenticated remote root code execution
From: "Keller, Alex" <axkeller () STANFORD EDU>
Date: Mon, 23 Feb 2015 19:37:15 +0000
Samba unauthenticated remote root code execution. Scope looks pretty wide, Linux/Unix distros running Samba 3.5.0 --> 4.2.0rc4. Notably this will affect some NAS vendors who may be slow to offer patches. https://www.samba.org/samba/security/CVE-2015-0240 https://access.redhat.com/articles/1346913 https://security-tracker.debian.org/tracker/CVE-2015-0240 -----Original Message----- From: Salvatore Bonaccorso [mailto:carnil () debian org] Sent: Monday, February 23, 2015 3:49 AM To: bugtraq () securityfocus com<mailto:bugtraq () securityfocus com> Subject: [SECURITY] [DSA 3171-1] samba security update Importance: High -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3171-1 security () debian org<mailto:security () debian org> http://www.debian.org/security/ Salvatore Bonaccorso February 23, 2015 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : samba CVE ID : CVE-2015-0240 Richard van Eeden of Microsoft Vulnerability Research discovered that Samba, a SMB/CIFS file, print, and login server for Unix, contains a flaw in the netlogon server code which allows remote code execution with root privileges from an unauthenticated connection. For the stable distribution (wheezy), this problem has been fixed in version 2:3.6.6-6+deb7u5. We recommend that you upgrade your samba packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce () lists debian org<mailto:debian-security-announce () lists debian org> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJU6xF7AAoJEAVMuPMTQ89ETk0P/jk/zgr+x+seIsQF0mbfgNha 2xvbRLzCXyK5rIf0PxOuaqTHRMlgPPRQ9we66dxZ5dBDuFWbcwFXc2TP3ghgjDA/ pROSdVNEPV6I1+NAGel4ySUtTHqsSvtvfxYCV2tGNNyy1IHgkqlFz5Wh+zVay6HZ c2eWqIjNWplV6stjHfERkCRSedD5GAk4o3AVXbcbpHMO+MafzJ8W5qY2T4CHiTeo jwwwJkLo84cOT9K3moAXrJW4ueiUsFP/VnjMj30mlHtj8qNp3KX4QlG42s44PYVO a0t2D1nQkp+/QovgPW/ewDmMCpV1iSbFOYxj+sz8e6BzUWDx/L/RP1JK1oktAdsB RTpEZvPFmKjZqpddbckXdIVh3vxnHA81NpYoE1udGXBsAq+YXINnlLXHXvVr9KS1 ddYmxWbHYpMLnkWWo3Ktb4aYtMcCt5j5uL1owTGs9SggZTZkPw9/B2WZux8Rz6Fz m0FvtMuzgDUzLQNqgXHrT+NQw21gYoVBHFRSZ6L0E5Ok+MMjGMy5kC9iQXeSfp98 bVTpiqR0n5551mQWxOysrPYj05uUZ7PmagpMFofklZ/I1dGg6TwNI0ylpJlJoruG IjFHIalwHlzhsRAzUbO+FYvjZ5mDTHk5rzafom0tBlaYUn0FdQEGgWFdGjcxCpRF qN8/Ju7AlzAGYJxup6LW =gHCx -----END PGP SIGNATURE----- _______________________________________________ GECOS mailing list GECOS () island stanford edu<mailto:GECOS () island stanford edu> http://island.stanford.edu/cgi-bin/mailman/listinfo/gecos Alex Keller Information Technology Stanford School of Engineering axkeller () stanford edu<mailto:axkeller () stanford edu> (650) 736-6421 Alex Keller Information Technology Stanford School of Engineering axkeller () stanford edu<mailto:axkeller () stanford edu> (650) 736-6421
Current thread:
- Samba unauthenticated remote root code execution Keller, Alex (Feb 23)