A vulnerability has been discovered in Samba which could allow for remote code execution. Samba is the standard Windows interoperability suite of programs for Linux and Unix, which is used for sharing files, printers, and other information. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user).
- All Red Hat Enterprise Linux systems (versions 5 to 7) that host a Samba server are potentially vulnerable.
A vulnerability has been discovered in Samba, which could allow an attacker to take root control of the affected system.
A security flaw in the smbd file server daemon. [CVE-2015-0240]
The vulnerability can be exploited by a malicious Samba client, by sending specially-crafted packets to the Samba server. No authentication is required to exploit this flaw. It can result in remotely controlled execution of arbitrary code as root. This flaw arises because of an uninitialized pointer is passed to the TALLOC_FREE() function. It can be exploited by calling the ServerPasswordSet RPC api on the NetLogon endpoint, by using a NULL session over IPC.
No Authentication is required to exploit this flaw.
We recommend the following actions be taken:
- Update vulnerable systems according to Red Hats instructions for applying the fix. https://access.redhat.com/articles/1346913
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.