[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-3223Date: (C)2016-01-07   (M)2023-12-22


The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 5.3CVSS Score : 5.0
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 1.4Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: NONEAvailability: PARTIAL
Integrity: NONE 
Availability: LOW 
  
Reference:
SECTRACK-1034493
BID-79731
DSA-3433
FEDORA-2015-0e0879cc8a
FEDORA-2015-b36076d32e
GLSA-201612-47
SUSE-SU-2015:2304
SUSE-SU-2015:2305
USN-2855-1
USN-2855-2
USN-2856-1
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
https://bugzilla.redhat.com/show_bug.cgi?id=1290287
https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=aa6c27148b9d3f8c1e4fdd5dd46bfecbbd0ca465
https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=ec504dbf69636a554add1f3d5703dd6c3ad450b8
https://www.samba.org/samba/security/CVE-2015-3223.html
openSUSE-SU-2015:2354
openSUSE-SU-2015:2356
openSUSE-SU-2016:1064

CPE    56
cpe:/a:samba:samba:4.1.13
cpe:/a:samba:samba:4.1.12
cpe:/a:samba:samba:4.1.11
cpe:/a:samba:samba:4.1.10
...
CWE    1
CWE-189
OVAL    16
oval:org.secpod.oval:def:702905
oval:org.secpod.oval:def:702909
oval:org.secpod.oval:def:203804
oval:org.secpod.oval:def:203806
...

© SecPod Technologies