Oval Definition: oval:org.mitre.oval:def:28955
Revision Date: 2015-08-10
Version: 21
Title: CIFS Server (Samba) Vulnerability on HPUX
Description: The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.
Family: unix
Class: vulnerability
Status: ACCEPTED
Reference(s): CVE-2015-0240
Platform(s): HP-UX 11
Product(s):
Definition Synopsis
  • Criteria meets HP Security Bulletin HPSBUX03320
    • HP-UX B.11.31
    • AND filesets test
      • CIFS-Development.CIFS-PRG version is less than A.03.02.04
      • OR CIFS-Server.CIFS-ADMIN version is less than A.03.02.04
      • OR CIFS-Server.CIFS-DOC version is less than A.03.02.04
      • OR CIFS-Server.CIFS-LIB version is less than A.03.02.04
      • OR CIFS-Server.CIFS-RUN version is less than A.03.02.04
      • OR CIFS-Server.CIFS-UTIL version is less than A.03.02.04
  • OR Criteria meets HP Security Bulletin HPSBUX03320
    • HP-UX B.11.23
    • AND filesets tests
      • CIFS-Development.CIFS-PRG version is less than A.03.02.05
      • OR CIFS-Server.CIFS-ADMIN version is less than A.03.02.05
      • OR CIFS-Server.CIFS-DOC version is less than A.03.02.05
      • OR CIFS-Server.CIFS-LIB version is less than A.03.02.05
      • OR CIFS-Server.CIFS-RUN version is less than A.03.02.05
      • OR CIFS-Server.CIFS-UTIL version is less than A.03.02.05