Samba Remote Code Execution Vulnerability

Original release date: February 24, 2015

Linux and Unix based operating systems employing Samba versions 3.5.0 through 4.2.0rc4 contain a vulnerability in the Server Message Block daemon (smbd). Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.


US-CERT recommends users and administrators refer to their respective Linux OS vendor(s) for an appropriate patch if affected. Patches are currently available from Debian, Red Hat, Suse, and Ubuntu. A Samba patch is available for experienced users and administrators to implement.




This product is provided subject to this Notification and this Privacy & Use policy.








from US-CERT: The United States Computer Emergency Readiness Team http://1.usa.gov/1BPat6u