Lucene search

K

[email protected]CVE-2015-5330

HistoryDec 29, 2015 - 10:59 p.m.

CVE-2015-5330

2015-12-2922:59:00

CWE-200

[email protected]

web.nvd.nist.gov

71

cve-2015-5330

ldb

ad ldap server

samba 4.x

remote attackers

sensitive information

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.1 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.014 Low

EPSS

Percentile

86.5%

ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value.

CPENameOperatorVersion
samba:sambasambaeq4.2.6
samba:sambasambaeq4.1.9
samba:sambasambaeq4.0.14
samba:sambasambaeq4.0.24
samba:sambasambaeq4.1.16
samba:sambasambaeq4.1.12
samba:sambasambaeq4.0.2
samba:sambasambaeq4.1.14
samba:sambasambaeq4.0.22
samba:sambasambaeq4.2.1

Rows per page:

1-10 of 571

References

lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html

lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html

lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html

www.debian.org/security/2016/dsa-3433

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.securityfocus.com/bid/79734

www.securitytracker.com/id/1034493

www.ubuntu.com/usn/USN-2855-1

www.ubuntu.com/usn/USN-2855-2

www.ubuntu.com/usn/USN-2856-1

bugzilla.redhat.com/show_bug.cgi?id=1281326

git.samba.org/?p=samba.git%3Ba=commit%3Bh=0454b95657846fcecf0f51b6f1194faac02518bd

git.samba.org/?p=samba.git%3Ba=commit%3Bh=538d305de91e34a2938f5f219f18bf0e1918763f

git.samba.org/?p=samba.git%3Ba=commit%3Bh=7f51ec8c4ed9ba1f53d722e44fb6fb3cde933b72

git.samba.org/?p=samba.git%3Ba=commit%3Bh=a118d4220ed85749c07fb43c1229d9e2fecbea6b

git.samba.org/?p=samba.git%3Ba=commit%3Bh=ba5dbda6d0174a59d221c45cca52ecd232820d48

git.samba.org/?p=samba.git%3Ba=commit%3Bh=f36cb71c330a52106e36028b3029d952257baf15

security.gentoo.org/glsa/201612-47

www.samba.org/samba/security/CVE-2015-5330.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.1 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.014 Low

EPSS

Percentile

86.5%

Related for CVE-2015-5330

fedora8 samba1 prion1 f52 ubuntucve1 nessus36 debiancve1 oraclelinux4 openvas28 centos3 redhat6 amazon2 ubuntu3 suse9 veracode4 mageia1 altlinux4 ibm1 osv1 debian2 freebsd1 gentoo1