Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2016:0009
HistoryJan 07, 2016 - 12:00 a.m.

(RHSA-2016:0009) Moderate: libldb security update

2016-01-0700:00:00
access.redhat.com
31

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.372 Low

EPSS

Percentile

96.7%

JSON

The libldb packages provide an extensible library that implements an
LDAP-like API to access remote LDAP servers, or use local TDB databases.

A denial of service flaw was found in the ldb_wildcard_compare() function
of libldb. A remote attacker could send a specially crafted packet that,
when processed by an application using libldb (for example the AD LDAP
server in Samba), would cause that application to consume an excessive
amount of memory and crash. (CVE-2015-3223)

A memory-read flaw was found in the way the libldb library processed LDB DN
records with a null byte. An authenticated, remote attacker could use this
flaw to read heap-memory pages from the server. (CVE-2015-5330)

Red Hat would like to thank the Samba project for reporting these issues.
Upstream acknowledges Thilo Uttendorfer as the original reporter of
CVE-2015-3223, and Douglas Bagnall as the original reporter of
CVE-2015-5330.

All libldb users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

OSVersionArchitecturePackageVersionFilename
RedHat7x86_64pyldb-devel< 1.1.20-1.el7_2.2pyldb-devel-1.1.20-1.el7_2.2.x86_64.rpm
RedHat6s390libldb-debuginfo< 1.1.13-3.el6_7.1libldb-debuginfo-1.1.13-3.el6_7.1.s390.rpm
RedHat6i686pyldb< 1.1.13-3.el6_7.1pyldb-1.1.13-3.el6_7.1.i686.rpm
RedHat7i686libldb< 1.1.20-1.el7_2.2libldb-1.1.20-1.el7_2.2.i686.rpm
RedHat7s390pyldb< 1.1.20-1.el7_2.2pyldb-1.1.20-1.el7_2.2.s390.rpm
RedHat7i686libldb-debuginfo< 1.1.20-1.el7_2.2libldb-debuginfo-1.1.20-1.el7_2.2.i686.rpm
RedHat6i686pyldb-devel< 1.1.13-3.el6_7.1pyldb-devel-1.1.13-3.el6_7.1.i686.rpm
RedHat6s390xpyldb< 1.1.13-3.el6_7.1pyldb-1.1.13-3.el6_7.1.s390x.rpm
RedHat7ppc64libldb-debuginfo< 1.1.20-1.el7_2.2libldb-debuginfo-1.1.20-1.el7_2.2.ppc64.rpm
RedHat7s390xlibldb-debuginfo< 1.1.20-1.el7_2.2libldb-debuginfo-1.1.20-1.el7_2.2.s390x.rpm
Rows per page:
1-10 of 641

Related

nessus 39
centos 3
amazon 2
openvas 30
oraclelinux 5
ubuntu 3
redhat 5
f5 4
prion 2
fedora 10
ubuntucve 2
cvelist 2
samba 2
checkpoint_advisories 1
cve 2
debiancve 2
mageia 1
veracode 5
altlinux 4
suse 9
nvd 2
ibm 1
osv 1
debian 2
freebsd 1
gentoo 1
nessus
nessus
CentOS 6 / 7 : libldb (CESA-2016:0009)
2016-01-08 00:00:00
Scientific Linux Security Update : libldb on SL6.x, SL7.x i386/x86_64 (20160107)
2016-01-11 00:00:00
Oracle Linux 6 / 7 : libldb (ELSA-2016-0009)
2016-01-08 00:00:00
centos
centos
ldb, libldb, pyldb security update
2016-01-07 22:11:38
samba4 security update
2016-01-07 22:12:25
ctdb, libsmbclient, libwbclient, samba security update
2016-01-07 22:29:50
amazon
amazon
Medium: libldb
2016-01-18 11:00:00
Medium: samba
2016-01-18 11:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2016-633)
2016-01-20 00:00:00
CentOS Update for ldb-tools CESA-2016:0009 centos7
2016-01-08 00:00:00
Ubuntu: Security Advisory (USN-2856-1)
2016-01-07 00:00:00
oraclelinux
oraclelinux
libldb security update
2016-01-07 00:00:00
samba4 security update
2016-01-07 00:00:00
samba security update
2016-01-07 00:00:00
ubuntu
ubuntu
ldb vulnerabilities
2016-01-05 00:00:00
Samba regression
2016-02-16 00:00:00
Samba vulnerabilities
2016-01-05 00:00:00
redhat
redhat
(RHSA-2016:0014) Moderate: libldb security update
2016-01-08 09:04:39
(RHSA-2016:0016) Moderate: samba security update
2016-01-08 10:10:45
(RHSA-2016:0006) Moderate: samba security update
2016-01-07 16:51:51
f5
f5
K15031791 : Samba vulnerability CVE-2015-5330
2016-10-21 00:00:00
K09417637 : Samba vulnerability CVE-2015-3223
2016-10-21 00:00:00
SOL15031791 - Samba vulnerability CVE-2015-5330
2016-10-21 00:00:00
prion
prion
Information disclosure
2015-12-29 22:59:00
Code injection
2015-12-29 22:59:00
fedora
fedora
[SECURITY] Fedora 23 Update: libtdb-1.3.8-1.fc23
2015-12-18 07:55:40
[SECURITY] Fedora 22 Update: libtalloc-2.1.5-2.fc22
2015-12-18 10:00:47
[SECURITY] Fedora 22 Update: libtevent-0.9.26-1.fc22
2015-12-18 10:00:47
ubuntucve
ubuntucve
CVE-2015-5330
2015-12-16 00:00:00
CVE-2015-3223
2015-12-16 00:00:00
cvelist
cvelist
CVE-2015-5330
2015-12-29 22:00:00
CVE-2015-3223
2015-12-29 22:00:00
samba
samba
Remote memory read in Samba LDAP server.
2015-12-16 00:00:00
Denial of service in Samba Active Directory
2015-12-16 00:00:00
checkpoint_advisories
checkpoint_advisories
Samba LDAP Server libldb Infinite Loop Denial of Service (CVE-2015-3223)
2016-04-11 00:00:00
cve
cve
CVE-2015-5330
2015-12-29 22:59:04
CVE-2015-3223
2015-12-29 22:59:00
debiancve
debiancve
CVE-2015-5330
2015-12-29 22:59:04
CVE-2015-3223
2015-12-29 22:59:00
mageia
mageia
Updated samba packages fix security vulnerabilities
2016-03-03 20:43:41
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:09:29
Information Disclosure
2019-05-02 05:20:18
Improper Authentication
2019-05-02 05:20:18
altlinux
altlinux
Security fix for the ALT Linux 10 package samba version 4.3.3-alt1
2015-12-16 00:00:00
Security fix for the ALT Linux 8 package samba version 4.3.3-alt1
2015-12-16 00:00:00
Security fix for the ALT Linux 7 package samba version 4.3.3-alt1
2015-12-16 00:00:00
suse
suse
Security update for ldb, samba, talloc, tdb, tevent (important)
2015-12-18 22:10:59
Security update for ldb, samba, talloc, tdb, tevent (important)
2015-12-18 21:10:45
Security update for ldb, samba, talloc, tdb, tevent (important)
2015-12-24 03:10:28
nvd
nvd
NVD:CVE-2015-5330
2015-12-29 22:59:04
NVD:CVE-2015-3223
2015-12-29 22:59:00
ibm
ibm
Security Bulletin: Vulnerabilities in Samba affect IBM i
2019-12-18 14:26:38
osv
osv
samba - security update
2016-01-02 00:00:00
debian
debian
[SECURITY] [DSA 3433-1] samba security update
2016-01-02 09:40:45
[SECURITY] [DSA 3433-1] samba security update
2016-01-02 09:40:27
freebsd
freebsd
samba -- multiple vulnerabilities
2015-12-16 00:00:00
gentoo
gentoo
Samba: Multiple vulnerabilities
2016-12-24 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.372 Low

EPSS

Percentile

96.7%

JSON
Related for RHSA-2016:0009
nessus39centos3amazon2openvas30oraclelinux5ubuntu3redhat5f54prion2fedora10ubuntucve2cvelist2samba2checkpoint_advisories1cve2debiancve2mageia1veracode5altlinux4suse9nvd2ibm1osv1debian2freebsd1gentoo1