Opened 9 years ago

Closed 9 years ago

#6168 closed defect (fixed)

samba-4.1.17

Reported by: ken@…
Owned by: Fernando de Oliveira
Priority: high
Milestone: 7.7
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

https://download.samba.org/pub/samba/stable/samba-4.1.17.tar.gz

From the release announcement: Samba 4.1.17, 4.0.25 and 3.6.25 have been issued as security releases in order to address CVE-2015-0240 (Unexpected code execution in smbd.). For the sake of completeness, Samba 4.2.0rc5 including a fix for this defect will follow soon, but it won't be a dedicated security release and will therefore address other bug fixes also.

o CVE-2015-0240:

All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an unexpected code execution vulnerability in the smbd file server daemon.

A malicious client could send packets that may set up the stack in such a way that the freeing of memory in a subsequent anonymous netlogon packet could allow execution of arbitrary code. This code would execute with root privileges.

I guess that this should be in 7.7, if anybody uses it.

Change History (2)

comment:1 by Fernando de Oliveira, 9 years ago

Owner: changed from blfs-book@… to Fernando de Oliveira
Priority: normal → high
Status: new → assigned

I don't use it, only for book updates.

comment:2 by Fernando de Oliveira, 9 years ago

Resolution: fixed
Status: assigned → closed

Fixed at r15569.
