Vulnerability Name: CVE-2015-7540 (CCN-109135)
Assigned: 2015-12-16
Published: 2015-12-16
Updated: 2022-08-29
Summary: The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets.
CVSS v3 Severity:
7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
CVSS v2 Severity:
5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Vulnerability Type: CWE-399, CWE-770
Vulnerability Consequences: Denial of Service
References:
Source: MITRE Type: CNA CVE-2015-7540
Source: FEDORA Type: Third Party Advisory FEDORA-2015-b36076d32e
Source: FEDORA Type: Third Party Advisory FEDORA-2015-0e0879cc8a
Source: SUSE Type: Mailing List, Third Party Advisory openSUSE-SU-2015:2356
Source: CCN Type: RHSA-2016-0010 Moderate: samba4 security update
Source: CCN Type: RHSA-2016-0015 Moderate: samba security update
Source: DEBIAN Type: Third Party Advisory DSA-3433
Source: CCN Type: IBM Security Bulletin N1021062 Vulnerabilities in Samba affect IBM i
Source: CONFIRM Type: Third Party Advisory http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Source: BID Type: Third Party Advisory, VDB Entry 79736
Source: CCN Type: BID-79736 Samba CVE-2015-7540 Remote Denial of Service Vulnerability
Source: SECTRACK Type: Third Party Advisory, VDB Entry 1034492
Source: UBUNTU Type: Third Party Advisory USN-2855-1
Source: UBUNTU Type: Third Party Advisory USN-2855-2
Source: CONFIRM Type: Issue Tracking, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=1288451
Source: XF Type: UNKNOWN samba-cve20157540-dos(109135)
Source: CONFIRM Type: Patch, Vendor Advisory https://git.samba.org/?p=samba.git;a=commit;h=530d50a1abdcdf4d1775652d4c456c1274d83d8d
Source: CONFIRM Type: Patch, Vendor Advisory https://git.samba.org/?p=samba.git;a=commit;h=9d989c9dd7a5b92d0c5d65287935471b83b6e884
Source: GENTOO Type: Third Party Advisory GLSA-201612-47
Source: CCN Type: Samba Web site Remote DoS in Samba (AD) LDAP server
Source: CONFIRM Type: Vendor Advisory https://www.samba.org/samba/security/CVE-2015-7540.html
Source: CCN Type: WhiteSource Vulnerability Database CVE-2015-7540