CERT mailing list archives
Samba Remote Code Execution Vulnerability
From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Tue, 24 Feb 2015 16:12:43 -0600
NCCIC / US-CERT National Cyber Awareness System: Samba Remote Code Execution Vulnerability [ https://www.us-cert.gov/ncas/current-activity/2015/02/24/Samba-Remote-Code-Execution-Vulnerability ] 02/24/2015 04:33 PM EST Original release date: February 24, 2015 Linux and Unix based operating systems employing Samba versions 3.5.0 through 4.2.0rc4 contain a vulnerability in the Server Message Block daemon (smbd). Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. US-CERT recommends users and administrators refer to their respective Linux OS vendor(s) for an appropriate patch if affected. Patches are currently available from Debian [ http://www.debian.org/security/2015/dsa-3171 ], Red Hat [ https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/ ], Suse [ https://bugzilla.suse.com/show_bug.cgi?id=917376 ], and Ubuntu [ http://www.ubuntu.com/usn/usn-2508-1/ ]. A Samba patch [ http://www.samba.org/samba/security/ ] is available for experienced users and administrators to implement. ________________________________________________________________________ This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy & Use [ http://www.us-cert.gov/privacy/ ] policy. ________________________________________________________________________ OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ http://www.us-cert.gov/related-resources ] STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Current thread:
- Samba Remote Code Execution Vulnerability US-CERT (Feb 24)