Samba vulnerability - Remote Code Execution - (CVE-2015-0240)

Published: 2015-02-25. Last Updated: 2015-02-26 02:51:02 UTC
by Chris Mohan (Version: 1)
0 comment(s)

The Red Hat security team has released an advisory on a Samba vulnerability effecting Samba version 3.5.0 through 4.2.0rc4. "It can be exploited by a malicious Samba client, by sending specially-crafted packets to the Samba server. No authentication is required to exploit this flaw. It can result in remotely controlled execution of arbitrary code as root." [1]

A patch [2] has been released by the Samba team to address the vulnerability.


[1] https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/

[2] https://www.samba.org/samba/history/security.html

Chris Mohan --- Internet Storm Center Handler on Duty

Keywords:
0 comment(s)

Comments


Diary Archives