PatchSiren cyber security CVE debrief

CVE-2015-8771 Gosa Project CVE debrief

CVE-2015-8771 is a critical remote code execution issue in GOsa associated with the generate_smb_nt_hash function in include/functions.inc. According to the NVD record, a crafted password can trigger arbitrary command execution, and the issue is rated CVSS 9.8 with CWE-94 (code injection) as the primary weakness. A patch is referenced in the upstream GitHub commit and in the oss-security mailing list advisory linked from the record.

Vendor: Gosa Project
Product: CVE-2015-8771
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-13
Original CVE updated: 2026-05-13
Advisory published: 2017-02-13
Advisory updated: 2026-05-13

Who should care

Administrators and operators running GOsa or related GOsa project components, especially any deployment exposed to untrusted users or authentication input. Security teams should prioritize this if GOsa is internet-facing or used in environments where password input can be influenced remotely.

Technical summary

The NVD description states that the generate_smb_nt_hash function in include/functions.inc can be abused with a crafted password to execute arbitrary commands. The record maps the issue to CWE-94 and lists a network-exploitable CVSS 3.0 vector with no privileges or user interaction required, reflecting high impact to confidentiality, integrity, and availability. NVD also links an upstream patch commit and a mailing list advisory as remediation references.

Defensive priority

Immediate. The combination of remote reachability, no required privileges, and potential arbitrary command execution makes this a high-priority issue to assess and patch quickly.

Recommended defensive actions

Review whether any GOsa deployment is present in your environment, including bundled or downstream packages.
Apply the upstream fix referenced by the GitHub commit a67a047cba2cdae8bccb0f0e2bc6d3eb45cfcbc8 or the vendor guidance linked from the oss-security advisory.
Restrict access to GOsa until patched, especially from untrusted networks.
Audit authentication and application logs for unexpected command execution or suspicious password-handling activity around the affected component.
Validate package and plugin versions against vendor and distribution advisories before returning the service to normal exposure.

Evidence notes

The debrief is based on the supplied NVD record for CVE-2015-8771, which describes arbitrary command execution via a crafted password in generate_smb_nt_hash and identifies CWE-94. Supporting references in the record include the oss-security mailing list post, a SecurityFocus entry, and the upstream GitHub commit that appears to contain the patch. No affected version range was provided in the supplied source, so version-specific exposure is not asserted here.

Official resources

CVE-2015-8771 CVE record
CVE.org
CVE-2015-8771 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected] - Mailing List, Patch, Third Party Advisory
Source reference
[email protected]
Mitigation or vendor reference
[email protected] - Issue Tracking, Patch, Third Party Advisory

The CVE record was published by NVD on 2017-02-13T18:59:00.300Z. The supplied references also point to a January 2016 oss-security advisory and an upstream patch commit, indicating the issue was disclosed and remediated before the NVD entry