CVE ID
CVE-2015-0240
DESCRIPTION
An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user).
Unitrends risk assessment: Severity High
The samba service runs by default on Unitrends servers, so the security update needs to be applied.
RESOLUTION
Fixed in:
- samba3x-3.6.23-9.el5_11 for CentOS5
- samba-3.6.23-14.el6_6 for CentOS6
To update to the fixed version of samba, obtain the EAPP-601 security update from Unitrends support.
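As an added verification check, not part of the Unitrends advisory, the following Python script compares the installed samba build against the fixed builds listed above; it uses a simplified reimplementation of rpm's segment-wise version comparison (assumed: no epoch, tilde or caret handling) and assumes `rpm` is present on the host for the live query.

```python
import re
import subprocess

# Fixed builds from the advisory, keyed by RPM package name.
FIXED = {
    "samba3x": "3.6.23-9.el5_11",  # CentOS 5
    "samba": "3.6.23-14.el6_6",    # CentOS 6
}

def _segments(s):
    # rpm-style tokenisation: runs of digits or letters, separators dropped
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified reimplementation of rpm's version compare (assumption: no
    epoch, tilde or caret handling). Returns -1, 0 or 1 like the C original."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)              # numeric: compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # numeric segment sorts after alpha
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # longer string is newer

def evr_cmp(a, b):
    """Compare two 'version-release' strings: version first, then release."""
    va, ra = a.split("-", 1)
    vb, rb = b.split("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def is_fixed(name, version_release):
    """True when the installed build is at or above the build fixing CVE-2015-0240."""
    fixed = FIXED.get(name)
    if fixed is None:
        raise KeyError(f"no fixed build listed for package {name}")
    return evr_cmp(version_release, fixed) >= 0

def check_host():
    """Query the local rpm database (rpm assumed present on the host)."""
    for name, fixed in FIXED.items():
        r = subprocess.run(["rpm", "-q", "--qf", "%{VERSION}-%{RELEASE}", name],
                           capture_output=True, text=True)
        if r.returncode != 0:
            print(f"{name}: not installed")
            continue
        state = "fixed" if is_fixed(name, r.stdout.strip()) else "VULNERABLE"
        print(f"{name}-{r.stdout.strip()}: {state} (fixed in {fixed})")
```

Call `check_host()` on a CentOS 5 or 6 Unitrends server to report each package as fixed, VULNERABLE, or not installed.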