Lucene search

K

[email protected]NVD:CVE-2015-7540

HistoryDec 29, 2015 - 10:59 p.m.

CVE-2015-7540

2015-12-2922:59:05

CWE-399

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.133 Low

EPSS

Percentile

95.6%

The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets.

Affected configurations

NVD

Node

sambasambaRange4.0.0–4.1.22

Node

canonicalubuntu_linuxMatch12.04-

OR

canonicalubuntu_linuxMatch14.04esm

OR

canonicalubuntu_linuxMatch15.04

OR

canonicalubuntu_linuxMatch15.10

Node

debiandebian_linuxMatch7.0

OR

debiandebian_linuxMatch8.0

References

lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html

lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html

www.debian.org/security/2016/dsa-3433

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.securityfocus.com/bid/79736

www.securitytracker.com/id/1034492

www.ubuntu.com/usn/USN-2855-1

www.ubuntu.com/usn/USN-2855-2

bugzilla.redhat.com/show_bug.cgi?id=1288451

git.samba.org/?p=samba.git%3Ba=commit%3Bh=530d50a1abdcdf4d1775652d4c456c1274d83d8d

git.samba.org/?p=samba.git%3Ba=commit%3Bh=9d989c9dd7a5b92d0c5d65287935471b83b6e884

security.gentoo.org/glsa/201612-47

www.samba.org/samba/security/CVE-2015-7540.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.133 Low

EPSS

Percentile

95.6%

Related for NVD:CVE-2015-7540

f52 ubuntucve1 prion1 openvas13 cvelist1 debiancve1 cve1 samba1 fedora2 centos2 nessus20 veracode4 redhat3 oraclelinux2 ibm1 suse1 ubuntu2 freebsd1 debian2 osv1 gentoo1