Vulnerability in Samba could result in remote code execution

ITS Advisory Number: 
Date(s) Issued: 
Tuesday, February 24, 2015
Vulnerability in Samba could result in remote code execution

A vulnerability has been discovered in Samba which could allow for remote code execution. Samba is the standard Windows interoperability suite of programs for Linux and Unix, which is used for sharing files, printers, and other information. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user).

Systems Affected: 
  • All Red Hat Enterprise Linux systems (versions 5 to 7) that host a Samba server are potentially vulnerable. 
Large and medium government entities: 
Small government entities: 
Large and medium business entities: 
Small business entities: 
Home Users: 

A vulnerability has been discovered in Samba, which could allow an attacker to take root control of the affected system.

A security flaw in the smbd file server daemon. [CVE-2015-0240]

The vulnerability can be exploited by a malicious Samba client, by sending specially-crafted packets to the Samba server. No authentication is required to exploit this flaw. It can result in remotely controlled execution of arbitrary code as root. This flaw arises because of an uninitialized pointer is passed to the TALLOC_FREE() function. It can be exploited by calling the ServerPasswordSet RPC api on the NetLogon endpoint, by using a NULL session over IPC.

No Authentication is required to exploit this flaw.


We recommend the following actions be taken:

  • Update vulnerable systems according to Red Hats instructions for applying the fix.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.