CVE-2015-7540

The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets.

CVSS v3.0 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://git.samba.org/?p=samba.git;a=commit;h=530d50a1abdcdf4d1775652d4c456c1274d83d8d
https://git.samba.org/?p=samba.git;a=commit;h=9d989c9dd7a5b92d0c5d65287935471b83b6e884
https://www.samba.org/samba/security/CVE-2015-7540.html	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1288451
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/79736
http://www.ubuntu.com/usn/USN-2855-2
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html
http://www.ubuntu.com/usn/USN-2855-1
http://www.securitytracker.com/id/1034492
http://www.debian.org/security/2016/dsa-3433
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html
https://security.gentoo.org/glsa/201612-47

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:samba:samba:4.1.9:::::::*
	cpe:2.3:a:samba:samba:4.1.8:::::::*
	cpe:2.3:a:samba:samba:4.1.15:::::::*
	cpe:2.3:a:samba:samba:4.1.14:::::::*
	cpe:2.3:a:samba:samba:4.0.9:::::::*
	cpe:2.3:a:samba:samba:4.0.8:::::::*
	cpe:2.3:a:samba:samba:4.0.23:::::::*
	cpe:2.3:a:samba:samba:4.1.19:::::::*
	cpe:2.3:a:samba:samba:4.1.18:::::::*
	cpe:2.3:a:samba:samba:4.1.5:::::::*
	cpe:2.3:a:samba:samba:4.1.4:::::::*
	cpe:2.3:a:samba:samba:4.1.3:::::::*
	cpe:2.3:a:samba:samba:4.1.11:::::::*
	cpe:2.3:a:samba:samba:4.1.10:::::::*
	cpe:2.3:a:samba:samba:4.0.5:::::::*
	cpe:2.3:a:samba:samba:4.0.4:::::::*
	cpe:2.3:a:samba:samba:4.0.19:::::::*
	cpe:2.3:a:samba:samba:4.0.18:::::::*
	cpe:2.3:a:samba:samba:4.0.11:::::::*
	cpe:2.3:a:samba:samba:4.0.10:::::::*
	cpe:2.3:a:samba:samba:4.0.22:::::::*
	cpe:2.3:a:samba:samba:4.0.15:::::::*
	cpe:2.3:a:samba:samba:4.0.14:::::::*
	cpe:2.3:a:samba:samba:4.1.21:::::::*
	cpe:2.3:a:samba:samba:4.1.20:::::::*
	cpe:2.3:a:samba:samba:4.1.7:::::::*
	cpe:2.3:a:samba:samba:4.1.6:::::::*
	cpe:2.3:a:samba:samba:4.1.13:::::::*
	cpe:2.3:a:samba:samba:4.1.12:::::::*
	cpe:2.3:a:samba:samba:4.0.7:::::::*
	cpe:2.3:a:samba:samba:4.0.6:::::::*
	cpe:2.3:a:samba:samba:4.0.21:::::::*
	cpe:2.3:a:samba:samba:4.0.20:::::::*
	cpe:2.3:a:samba:samba:4.0.2:::::::*
	cpe:2.3:a:samba:samba:4.0.13:::::::*
	cpe:2.3:a:samba:samba:4.0.12:::::::*
	cpe:2.3:a:samba:samba:4.1.17:::::::*
	cpe:2.3:a:samba:samba:4.2.4:::::::*
	cpe:2.3:a:samba:samba:4.1.2:::::::*
	cpe:2.3:a:samba:samba:4.1.16:::::::*
	cpe:2.3:a:samba:samba:4.1.1:::::::*
	cpe:2.3:a:samba:samba:4.1.0:::::::*
	cpe:2.3:a:samba:samba:4.0.3:::::::*
	cpe:2.3:a:samba:samba:4.0.24:::::::*
	cpe:2.3:a:samba:samba:4.0.17:::::::*
	cpe:2.3:a:samba:samba:4.0.16:::::::*
	cpe:2.3:a:samba:samba:4.0.1:::::::*
	cpe:2.3:a:samba:samba:4.0.0:::::::*

Information

Published : 2015-12-29 22:59

Updated : 2016-12-31 02:59

NVD link : CVE-2015-7540

Mitre link : CVE-2015-7540

JSON object : View

Products Affected

samba

samba

CWE

CWE-399

Resource Management Errors

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

7.5^/10

5.0^/10