Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
sambaSamba SecuritySAMBA:CVE-2015-3223
HistoryDec 16, 2015 - 12:00 a.m.

Denial of service in Samba Active Directory

2015-12-1600:00:00
Samba Security
www.samba.org
549

0.388 Low

EPSS

Percentile

97.2%

JSON

Description

All versions of Samba from 4.0.0 to 4.3.2 inclusive (resp. all
ldb versions up to 1.1.23 inclusive) are vulnerable to
a denial of service attack in the samba daemon LDAP server.

A malicious client can send packets that cause the LDAP server in the
samba daemon process to become unresponsive, preventing the server
from servicing any other requests.

This flaw is not exploitable beyond causing the code to loop expending
CPU resources.

Patch Availability

Patches addressing this defect have been posted to

https://www.samba.org/samba/history/security.html

Additionally, Samba 4.3.3, 4.2.7 and 4.1.22 (resp. ldb 1.1.24)
have been issued as security releases to correct the defect.
Samba vendors and administrators running affected versions are
advised to upgrade or apply the patch as soon as possible.

Workaround

None.

Credits

This problem was found by Thilo Uttendorfer of Linux Information
Systems AG. The fix was created by Jeremy Allison of Google.

Related

checkpoint_advisories 1
cvelist 1
ubuntucve 1
prion 1
f5 2
cve 1
veracode 1
debiancve 1
nessus 23
redhat 2
openvas 21
amazon 1
centos 1
oraclelinux 3
ubuntu 3
fedora 2
mageia 1
altlinux 4
suse 5
ibm 1
osv 1
debian 2
freebsd 1
gentoo 1
checkpoint_advisories
checkpoint_advisories
Samba LDAP Server libldb Infinite Loop Denial of Service (CVE-2015-3223)
2016-04-11 00:00:00
cvelist
cvelist
CVE-2015-3223
2015-12-29 22:00:00
ubuntucve
ubuntucve
CVE-2015-3223
2015-12-16 00:00:00
prion
prion
Code injection
2015-12-29 22:59:00
f5
f5
K09417637 : Samba vulnerability CVE-2015-3223
2016-10-21 00:00:00
SOL09417637 - Samba vulnerability CVE-2015-3223
2016-10-21 00:00:00
cve
cve
CVE-2015-3223
2015-12-29 22:59:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:09:29
debiancve
debiancve
CVE-2015-3223
2015-12-29 22:59:00
nessus
nessus
Oracle Linux 6 / 7 : libldb (ELSA-2016-0009)
2016-01-08 00:00:00
CentOS 6 / 7 : libldb (CESA-2016:0009)
2016-01-08 00:00:00
Scientific Linux Security Update : libldb on SL6.x, SL7.x i386/x86_64 (20160107)
2016-01-11 00:00:00
redhat
redhat
(RHSA-2016:0009) Moderate: libldb security update
2016-01-07 00:00:00
(RHSA-2016:0014) Moderate: libldb security update
2016-01-08 09:04:39
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2016-633)
2016-01-20 00:00:00
CentOS Update for ldb-tools CESA-2016:0009 centos7
2016-01-08 00:00:00
CentOS Update for ldb-tools CESA-2016:0009 centos6
2016-01-08 00:00:00
amazon
amazon
Medium: libldb
2016-01-18 11:00:00
centos
centos
ldb, libldb, pyldb security update
2016-01-07 22:11:38
oraclelinux
oraclelinux
libldb security update
2016-01-07 00:00:00
samba security update
2016-01-07 00:00:00
samba4 security update
2016-01-07 00:00:00
ubuntu
ubuntu
ldb vulnerabilities
2016-01-05 00:00:00
Samba vulnerabilities
2016-01-05 00:00:00
Samba regression
2016-02-16 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: samba-4.3.3-0.fc23
2015-12-18 07:55:05
[SECURITY] Fedora 22 Update: samba-4.2.7-0.fc22
2015-12-26 21:53:02
mageia
mageia
Updated samba packages fix security vulnerabilities
2016-03-03 20:43:41
altlinux
altlinux
Security fix for the ALT Linux 10 package samba version 4.3.3-alt1
2015-12-16 00:00:00
Security fix for the ALT Linux 8 package samba version 4.3.3-alt1
2015-12-16 00:00:00
Security fix for the ALT Linux 7 package samba version 4.3.3-alt1
2015-12-16 00:00:00
suse
suse
Security update for ldb, samba, talloc, tdb, tevent (important)
2015-12-18 22:10:59
Security update for ldb, samba, talloc, tdb, tevent (important)
2015-12-18 21:10:45
Security update for ldb, samba, talloc, tdb, tevent (important)
2015-12-24 03:10:28
ibm
ibm
Security Bulletin: Vulnerabilities in Samba affect IBM i
2019-12-18 14:26:38
osv
osv
samba - security update
2016-01-02 00:00:00
debian
debian
[SECURITY] [DSA 3433-1] samba security update
2016-01-02 09:40:45
[SECURITY] [DSA 3433-1] samba security update
2016-01-02 09:40:27
freebsd
freebsd
samba -- multiple vulnerabilities
2015-12-16 00:00:00
gentoo
gentoo
Samba: Multiple vulnerabilities
2016-12-24 00:00:00

0.388 Low

EPSS

Percentile

97.2%

JSON
Related for SAMBA:CVE-2015-3223
checkpoint_advisories1cvelist1ubuntucve1prion1f52cve1veracode1debiancve1nessus23redhat2openvas21amazon1centos1oraclelinux3ubuntu3fedora2mageia1altlinux4suse5ibm1osv1debian2freebsd1gentoo1