CVE-2015-5370 — Samba vulnerability

17 documents8 sources

Severity

5.9MEDIUMNVD

EPSS

25.5%

top 3.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba Canonical Ubuntu Linux

Timeline

PublishedApr 25

Latest updateDec 29

Description

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/samba< samba 2:4.3.7+dfsg-1 (bookworm)

▶Debiansamba/samba< 2:4.3.7+dfsg-1+3

▶Ubuntusamba/samba< 2:4.3.9+dfsg-0ubuntu0.14.04.1+4

▶NVDsamba/samba95 versions+94

Also affects: Ubuntu Linux 14.04, 15.10, 16.04

Patches

Patch: www.samba.org ↗Patch: www.samba.org ↗

🔴Vulnerability Details

GHSA

GHSA-mcw7-q6mc-p58r: Samba 3↗2022-05-17

▶

OSV

samba regression↗2016-05-25

▶

OSV

samba regressions↗2016-05-04

▶

OSV

libsoup2.4 update↗2016-05-04

▶

OSV

CVE-2015-5370: Samba 3↗2016-04-25

▶

📋Vendor Advisories

Ubuntu

Samba regression↗2016-05-25

▶

Ubuntu

Samba regressions↗2016-05-18

▶

Ubuntu

libsoup update↗2016-05-04

▶

Ubuntu

Samba regressions↗2016-05-04

▶

Ubuntu

Samba vulnerabilities↗2016-04-18

▶

📄Research Papers

arXiv

One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware↗2022-12-29

▶

💬Community

Bugzilla

CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2114 CVE-2016-2115 CVE-2016-2118 samba: various flaws [fedora-all]↗2016-04-12

▶

Bugzilla

CVE-2015-5370 samba: crash in dcesrv_auth_bind_ack due to missing error check↗2016-02-19

▶