Univention Bugzilla – Bug 37736
samba: Security issue (ES 2.4)
Last modified: 2015-03-25 10:16:35 CET
CVE-2015-0240 A malicious client could send packets that may set up the stack in such a way that the freeing of memory in a subsequent anonymous netlogon packet could allow execution of arbitrary code. This code would execute with root privileges.
For pre 3.5.13 we should additionally cherry pick https://git.samba.org/?p=samba.git;a=commitdiff;h=914f88b1edc3a9964553f781c8b11d4cc0e7c67f
Now public: https://www.samba.org/samba/security/CVE-2015-0240
The patch has been integrated and the package rebuilt. Tests with Win7 (domain join and domain logon) went fine.
Verified: * Patch identical to upstream: samba/2.4-0-0-ucs/2:3.5.11~dfsg-1-extsec2.4/98_CVE-2015-0240.patch * Package built in extsec2.4 with upstream patch * Package update (master, backup, member) * Windows7 Client join, user logon, PW-Change, Re-logon, UCS DC Backup rejoin, UCS Memberserver rejoin, memberserver home share writable by user
This has been announced as part of the extended 2.4 security support.