Search for vulnerabilities
Vulnerability details: VCID-219h-dfv6-aaac
Vulnerability ID VCID-219h-dfv6-aaac
Aliases CVE-2015-0240
Summary The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-17 DEPRECATED: Code
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0240.html
rhas Critical https://access.redhat.com/errata/RHSA-2015:0249
rhas Critical https://access.redhat.com/errata/RHSA-2015:0250
rhas Critical https://access.redhat.com/errata/RHSA-2015:0251
rhas Important https://access.redhat.com/errata/RHSA-2015:0252
rhas Critical https://access.redhat.com/errata/RHSA-2015:0253
rhas Critical https://access.redhat.com/errata/RHSA-2015:0254
rhas Critical https://access.redhat.com/errata/RHSA-2015:0255
rhas Critical https://access.redhat.com/errata/RHSA-2015:0256
rhas Critical https://access.redhat.com/errata/RHSA-2015:0257
epss 0.90874 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.91034 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.91034 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.91034 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.91034 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.91034 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.91034 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.91034 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.91034 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.91034 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.91034 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.91034 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.9113 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.9113 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.9113 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.9113 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.9113 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.9113 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.9132 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.9132 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.9132 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.91436 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.91436 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.91436 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.91436 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.91436 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.91436 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.91672 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.91672 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.91672 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.91672 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.91672 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.91672 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.97421 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.97421 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.97426 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.97481 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
epss 0.97481 https://api.first.org/data/v1/epss?cve=CVE-2015-0240
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
cvssv2 10.0 https://nvd.nist.gov/vuln/detail/CVE-2015-0240
generic_textual Medium https://ubuntu.com/security/notices/USN-2508-1
generic_textual Medium https://www.samba.org/samba/security/CVE-2015-0240
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
Reference id Reference type URL
http://advisories.mageia.org/MGASA-2015-0084.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00030.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00035.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
http://marc.info/?l=bugtraq&m=142722696102151&w=2
http://marc.info/?l=bugtraq&m=143039217203031&w=2
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0240.html
http://rhn.redhat.com/errata/RHSA-2015-0249.html
http://rhn.redhat.com/errata/RHSA-2015-0250.html
http://rhn.redhat.com/errata/RHSA-2015-0251.html
http://rhn.redhat.com/errata/RHSA-2015-0252.html
http://rhn.redhat.com/errata/RHSA-2015-0253.html
http://rhn.redhat.com/errata/RHSA-2015-0254.html
http://rhn.redhat.com/errata/RHSA-2015-0255.html
http://rhn.redhat.com/errata/RHSA-2015-0256.html
http://rhn.redhat.com/errata/RHSA-2015-0257.html
https://access.redhat.com/articles/1346913
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0240.json
https://api.first.org/data/v1/epss?cve=CVE-2015-0240
https://bugzilla.redhat.com/show_bug.cgi?id=1191325
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
http://security.gentoo.org/glsa/glsa-201502-15.xml
https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
https://support.lenovo.com/product_security/samba_remote_vuln
https://support.lenovo.com/us/en/product_security/samba_remote_vuln
https://ubuntu.com/security/notices/USN-2508-1
https://www.exploit-db.com/exploits/36741/
https://www.samba.org/samba/security/CVE-2015-0240
http://www.debian.org/security/2015/dsa-3171
http://www.mandriva.com/security/advisories?name=MDVSA-2015:081
http://www.mandriva.com/security/advisories?name=MDVSA-2015:082
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.securityfocus.com/bid/72711
http://www.securitytracker.com/id/1031783
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.360345
http://www.ubuntu.com/usn/USN-2508-1
779033 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779033
cpe:2.3:a:samba:samba:3.5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.10:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.11:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.12:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.13:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.14:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.15:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.16:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.17:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.18:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.19:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.20:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.21:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.22:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.4:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.5:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.6:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.7:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.8:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.5.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.5.9:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.6.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.6.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.6.10:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.6.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.6.11:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.6.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.6.12:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.6.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.6.13:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.6.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.6.14:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.6.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.6.15:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.6.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.6.16:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.6.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.6.17:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.6.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.6.18:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.6.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.6.19:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.6.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.6.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.6.20:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.6.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.6.21:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.6.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.6.22:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.6.23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.6.23:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.6.24:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.6.24:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.10:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.11:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.12:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.13:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.14:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.15:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.16:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.17:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.18:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.19:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.20:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.21:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.22:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.23:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.24:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.24:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.1.10:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.1.11:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.1.12:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.1.13:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.1.14:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.1.15:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.1.16:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.1.6:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.1.7:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.1.8:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.1.9:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.2.0:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.2.0:rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.2.0:rc3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.2.0:rc4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.2.0:rc4:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_desktop:12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:suse_linux_enterprise_desktop:12:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_server:12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
CVE-2015-0240 https://nvd.nist.gov/vuln/detail/CVE-2015-0240
CVE-2015-0240;OSVDB-118637 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux_x86/dos/36741.py
GLSA-201502-15 https://security.gentoo.org/glsa/201502-15
RHSA-2015:0249 https://access.redhat.com/errata/RHSA-2015:0249
RHSA-2015:0250 https://access.redhat.com/errata/RHSA-2015:0250
RHSA-2015:0251 https://access.redhat.com/errata/RHSA-2015:0251
RHSA-2015:0252 https://access.redhat.com/errata/RHSA-2015:0252
RHSA-2015:0253 https://access.redhat.com/errata/RHSA-2015:0253
RHSA-2015:0254 https://access.redhat.com/errata/RHSA-2015:0254
RHSA-2015:0255 https://access.redhat.com/errata/RHSA-2015:0255
RHSA-2015:0256 https://access.redhat.com/errata/RHSA-2015:0256
RHSA-2015:0257 https://access.redhat.com/errata/RHSA-2015:0257
USN-2508-1 https://usn.ubuntu.com/2508-1/
Data source Exploit-DB
Date added April 14, 2015
Description Samba < 3.6.2 (x86) - Denial of Service (PoC)
Ransomware campaign use Unknown
Source publication date April 13, 2015
Exploit type dos
Platform linux_x86
Source update date March 27, 2017
Data source Metasploit
Description This module checks if a Samba target is vulnerable to an uninitialized variable creds vulnerability.
Note 
{}
Ransomware campaign use Unknown
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/scanner/smb/smb_uninit_cred.rb
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2015-0240
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.99569
EPSS Score 0.90874
Published At March 29, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.