PT-2015-3395 · Samba Team+6 · Ldb+6

Douglas Bagnall

·

Publicado

2015-12-16

·

Atualizado

2024-06-15

·

CVE-2015-5330

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Samba versions 4.1.x through 4.1.21 Samba versions 4.2.x through 4.2.6 Samba versions 4.3.x through 4.3.2 ldb versions prior to 1.1.24
Description The issue is related to the mishandling of string lengths in the ldb library, used in the AD LDAP server in Samba. This allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading an error message or a database value. The vulnerability is associated with information disclosure.
Recommendations For Samba versions 4.1.x through 4.1.21, update to version 4.1.22 or later. For Samba versions 4.2.x through 4.2.6, update to version 4.2.7 or later. For Samba versions 4.3.x through 4.3.2, update to version 4.3.3 or later. For ldb versions prior to 1.1.24, update to version 1.1.24 or later.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

ALT-PU-2015-2137
ALT-PU-2015-2138
ALT-PU-2015-2139
BDU:2021-01296
CESA-2016_0006
CESA-2016_0009
CESA-2016_0010
CVE-2015-5330
DSA-3433-1
ECHO-E1C3-C270-8490
MGASA-2016-0094
OPENSUSE-SU-2015_2354-1
OPENSUSE-SU-2015_2356-1
OPENSUSE-SU-2016_1064-1
OPENSUSE-SU-2016_1106-1
OPENSUSE-SU-2024:10069-1
OPENSUSE-SU-2024:10074-1
RHSA-2016:0006
RHSA-2016:0009
RHSA-2016:0010
RHSA-2016:0014
RHSA-2016:0015
RHSA-2016:0016
RHSA-2016_0006
RHSA-2016_0009
RHSA-2016_0010
SUSE-SU-2015:2304-1
SUSE-SU-2015:2305-1
SUSE-SU-2016:0032-1
SUSE-SU-2016:0164-1
USN-2855-1
USN-2855-2
USN-2856-1

Produtos afetados

Alt Linux
Centos
Red Hat
Samba
Suse
Ubuntu
Ldb