CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS
Percentile: 99.9%

All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an
unexpected code execution vulnerability in the smbd file server
daemon.

A malicious client could send packets that may set up the stack in
such a way that the freeing of memory in a subsequent anonymous
netlogon packet could allow execution of arbitrary code. This code
would execute with root privileges.

A patch addressing this defect has been posted to
http://www.samba.org/samba/security/

Additionally, Samba 4.2.0rc5, 4.1.17, 4.0.25 and 3.6.25 have been
issued as security releases to correct the defect. Patches against
older Samba versions are available at http://samba.org/samba/patches/.
Samba vendors and administrators running affected versions are advised
to upgrade or apply the patch as soon as possible.

On Samba versions 4.0.0 and above, add the line:

    rpc_server:netlogon=disabled

to the [global] section of your smb.conf. For Samba versions 3.6.x and
earlier, this workaround is not available.

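
The version ranges and the workaround above can be checked mechanically. The following is an added example, not part of the advisory or of Samba's own code; the function names are hypothetical. It assumes upstream version strings (a vendor build with a backported patch cannot be judged by version alone) and a simplified smb.conf parse that ignores includes and line continuations.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED = {(3, 6): "3.6.25", (4, 0): "4.0.25", (4, 1): "4.1.17", (4, 2): "4.2.0rc5"}
FINAL = 10**6  # rc slot for a final release, so it sorts after any rcN

def parse_version(text):
    """Return (major, minor, patch, rc) from e.g. '4.2.0rc4' or 'Version 4.1.16'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?", text)
    if not m:
        raise ValueError(f"no Samba version found in {text!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch), int(rc) if rc else FINAL)

def is_affected(version):
    # Affected range from the advisory: 3.5.0 up to and including 4.2.0rc4.
    v = parse_version(version)
    if v < parse_version("3.5.0") or v > parse_version("4.2.0rc4"):
        return False
    fixed = FIXED.get(v[:2])
    # 3.5.x has no fixed release listed: it stays affected until patched.
    return fixed is None or v < parse_version(fixed)

def workaround_set(smb_conf_text):
    """True if [global] sets rpc_server:netlogon to disabled (simplified parser)."""
    section, value = None, None
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, _, val = line.partition("=")
            if key.strip().lower() == "rpc_server:netlogon":
                value = val.strip().lower()  # keep the last assignment seen
    return value == "disabled"

def triage(version, smb_conf_text):
    if not is_affected(version):
        return "not affected by version"
    if parse_version(version)[:2] < (4, 0):  # workaround needs 4.0.0 or above
        return "affected: upgrade or patch (no workaround before 4.0.0)"
    if workaround_set(smb_conf_text):
        return "affected: workaround set, upgrade or patch still advised"
    return "affected: upgrade or patch, or set rpc_server:netlogon=disabled"

SAMPLE_CONF = "[global]\n  workgroup = EXAMPLE\n  rpc_server:netlogon = disabled\n"  # constructed sample
if __name__ == "__main__":
    print([(v, triage(v, SAMPLE_CONF)) for v in ("3.6.24", "4.1.16", "4.1.17")])
```
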
This problem was found by Richard van Eeden of Microsoft Vulnerability
Research, who also provided the fix.