6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
0.359 Low
EPSS
Percentile
97.2%
Samba team reports:
[CVE-2015-3223] Malicious request can cause Samba LDAP server to hang, spinning using CPU.
[CVE-2015-5330] Malicious request can cause Samba LDAP server
to return uninitialized memory that should not be part of the reply.
[CVE-2015-5296] Requesting encryption should also request
signing when setting up the connection to protect against man-in-the-middle attacks.
[CVE-2015-5299] A missing access control check in the VFS
shadow_copy2 module could allow unauthorized users to access snapshots.
[CVE-2015-7540] Malicious request can cause Samba LDAP server to return crash.
[CVE-2015-8467] Samba can expose Windows DCs to MS15-096
Denial of service via the creation of multiple machine accounts(The Microsoft issue is CVE-2015-2535).
[CVE-2015-5252] Insufficient symlink verification could allow data access outside share path.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | samba36 | = 3.6.0 | UNKNOWN |
FreeBSD | any | noarch | samba36 | < 3.6.25_2 | UNKNOWN |
FreeBSD | any | noarch | samba4 | = 4.0.0 | UNKNOWN |
FreeBSD | any | noarch | samba4 | <= 4.0.26 | UNKNOWN |
FreeBSD | any | noarch | samba41 | = 4.1.0 | UNKNOWN |
FreeBSD | any | noarch | samba41 | < 4.1.22 | UNKNOWN |
FreeBSD | any | noarch | samba42 | = 4.2.0 | UNKNOWN |
FreeBSD | any | noarch | samba42 | < 4.2.7 | UNKNOWN |
FreeBSD | any | noarch | samba43 | = 4.3.0 | UNKNOWN |
FreeBSD | any | noarch | samba43 | < 4.3.3 | UNKNOWN |
www.samba.org/samba/security/CVE-2015-3223.html
www.samba.org/samba/security/CVE-2015-5252.html
www.samba.org/samba/security/CVE-2015-5296.html
www.samba.org/samba/security/CVE-2015-5299.html
www.samba.org/samba/security/CVE-2015-5330.html
www.samba.org/samba/security/CVE-2015-7540.html
www.samba.org/samba/security/CVE-2015-8467.html
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
0.359 Low
EPSS
Percentile
97.2%