PT-2015-3394 · Samba+5

Adam Mariš · Published 2015-04-01 · Updated 2022-08-29 · CVE-2015-7540

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Samba versions prior to 4.1.22

Description

The LDAP server in the Samba AD domain controller fails to check return values to confirm successful ASN.1 memory allocation. This allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets. The vulnerability is associated with an error in the resource management mechanism of the system.

Recommendations

For versions prior to 4.1.22, update to version 4.1.22 or later to resolve the issue. As a temporary workaround, consider restricting access to the LDAP server to minimize the risk of exploitation.

Fix

DoS

Weakness Enumeration

Related Identifiers

ALT-PU-2015-1347
BDU:2021-01295
CESA-2016_0010
CVE-2015-7540
DSA-3433-1
OPENSUSE-SU-2015_2356-1
RHSA-2016:0010
RHSA-2016:0015
RHSA-2016_0010
USN-2855-1
USN-2855-2

Affected Products

Alt Linux
CentOS
Red Hat
Samba
SUSE
Ubuntu