Vulnerability in Samba could result in remote code execution

ITS Advisory Number: 2015-016
Date(s) Issued: Tuesday, February 24, 2015
Subject: Vulnerability in Samba could result in remote code execution
Overview: 

A vulnerability has been discovered in Samba which could allow for remote code execution. Samba is the standard Windows interoperability suite of programs for Linux and Unix, which is used for sharing files, printers, and other information. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user).

Systems Affected: 
  • All Red Hat Enterprise Linux systems (versions 5 to 7) that host a Samba server are potentially vulnerable. 

Risk:

Government:
  • Large and medium government entities: High
  • Small government entities: High
Business:
  • Large and medium business entities: High
  • Small business entities: High
Home Users: N/A

Description: 

A vulnerability has been discovered in Samba, which could allow an attacker to take root control of the affected system.

The security flaw is in the smbd file server daemon [CVE-2015-0240].

The vulnerability can be exploited by a malicious Samba client sending specially crafted packets to the Samba server. No authentication is required to exploit this flaw. It can result in remotely controlled execution of arbitrary code as root. The flaw arises because an uninitialized pointer is passed to the TALLOC_FREE() function. It can be exploited by calling the ServerPasswordSet RPC API on the NetLogon endpoint, using a NULL session over IPC.
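
The bug class described above, as an added example that is not Samba's source code: a simplified C model in which a check routine can fail before it sets its output pointer, and the caller's cleanup then runs on that pointer. All names (step_check, handle_password_set, FREE_AND_NULL) are hypothetical, and FREE_AND_NULL assumes free-if-non-NULL semantics like TALLOC_FREE(); the default build is the hardened form, and SHOW_VULNERABLE only exposes the flawed declaration for comparison.

```c
/* Simplified model of the bug class; hypothetical names, not Samba source. */
#include <stdio.h>
#include <stdlib.h>

struct creds { int session_ok; };

static int free_calls;   /* counts real frees so both paths can be checked */

/* Assumed TALLOC_FREE()-like semantics: free only if non-NULL, then reset. */
#define FREE_AND_NULL(p) \
    do { if ((p) != NULL) { free(p); free_calls++; (p) = NULL; } } while (0)

/* Credential check that can fail BEFORE it writes *out. */
static int step_check(int client_has_session, struct creds **out)
{
    if (!client_has_session)
        return -1;                 /* early return: *out is left untouched */
    *out = calloc(1, sizeof(**out));
    if (*out == NULL)
        return -1;
    (*out)->session_ok = 1;
    return 0;
}

static int handle_password_set(int client_has_session)
{
#ifdef SHOW_VULNERABLE
    struct creds *creds;           /* indeterminate value reaches the cleanup */
#else
    struct creds *creds = NULL;    /* hardened: cleanup is a no-op on failure */
#endif
    int rc = step_check(client_has_session, &creds);
    if (rc != 0) {
        FREE_AND_NULL(creds);      /* error path: step_check never set creds */
        return rc;
    }
    /* ... the password change itself would happen here ... */
    FREE_AND_NULL(creds);
    return 0;
}

int main(void)
{
    int rc = handle_password_set(0);
    printf("no session: rc=%d frees=%d\n", rc, free_calls);
    rc = handle_password_set(1);
    printf("session:    rc=%d frees=%d\n", rc, free_calls);
    return 0;
}
```

With the pointer initialized to NULL, the failed check frees nothing; without the initializer, the same cleanup call would operate on whatever value happened to be on the stack.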


Actions: 

We recommend the following actions be taken:

  • Update vulnerable systems according to Red Hat's instructions for applying the fix: https://access.redhat.com/articles/1346913
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.