CVE-2015-5370
Published: 2016-04-25
Priority P343 · medium · 5.9 (CVSS 3.0)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 19.10% (97.0th percentile)
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors.
Affected
108 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | samba | < samba 2:4.3.7+dfsg-1 (bookworm) | samba 2:4.3.7+dfsg-1 (bookworm) |
| samba | samba | — | — |
CVSS provenance
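| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.0) | 5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd (v2.0) | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | 5.9 | MEDIUM | — |
| vendor_debian | 5.9 | MEDIUM | — |
| vendor_redhat | 5.9 | MEDIUM | — |
| vendor_ubuntu | 5.9 | MEDIUM | — |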
GHSA
GHSA-mcw7-q6mc-p58r: Samba 3
ghsa_unreviewed · 2022-05-17 · MEDIUM
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors.
OSV
samba regression
osv · 2016-05-25 · CVSS 5.9 · MEDIUM
USN-2950-1 fixed vulnerabilities in Samba. USN-2950-3 updated Samba to
version 4.3.9, which introduced a regression when using the ntlm_auth tool.
This update fixes the problem.
Original advisory details:
Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a
machine-in-the-middle attack, or possibly execute arbitrary code.
(CVE-2015-5370)
Stefan Metzmacher discovered that Samba contained multiple flaws in the
NTLMSSP authentication implementation. A remote attacker could use this
issue to downgrade connections to plain text by performing a
machine-in-the-middle attack. (CVE-2016-2110)
Alberto Solino discovered that
OSV
samba regressions
osv · 2016-05-04 · CVSS 5.9 · MEDIUM
USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba
4.3.8 caused certain regressions and interoperability issues.
This update resolves some of these issues by updating to Samba 4.3.9 in
Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. Backported regression
fixes were added to Samba 3.6.25 in Ubuntu 12.04 LTS.
This advisory was inadvertently published as USN-2950-2 originally.
Original advisory details:
Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a
machine-in-the-middle attack, or possibly execute arbitrary code.
(CVE-2015-5370)
Stefan Metzmacher discovered that Samba contained mul
OSV
libsoup2.4 update
osv · 2016-05-04 · CVSS 5.9 · MEDIUM
USN-2950-1 fixed vulnerabilities in Samba. The updated Samba packages
introduced a compatibility issue with NTLM authentication in libsoup. This
update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a
machine-in-the-middle attack, or possibly execute arbitrary code.
(CVE-2015-5370)
Stefan Metzmacher discovered that Samba contained multiple flaws in the
NTLMSSP authentication implementation. A remote attacker could use this
issue to downgrade connections to plain text by performing a
machine-in-the-middle attack. (CVE-2016-2110)
OSV
CVE-2015-5370: Samba 3
osv · 2016-04-25 · CVSS 5.9 · MEDIUM
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors.
OSV
samba vulnerabilities
osv · 2016-04-18 · CVSS 5.9 · MEDIUM
Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a
machine-in-the-middle attack, or possibly execute arbitrary code.
(CVE-2015-5370)
Stefan Metzmacher discovered that Samba contained multiple flaws in the
NTLMSSP authentication implementation. A remote attacker could use this
issue to downgrade connections to plain text by performing a
machine-in-the-middle attack. (CVE-2016-2110)
Alberto Solino discovered that a Samba domain controller would establish a
secure connection to a server with a spoofed computer name. A remote
attacker could use this issue to obtain sensitive information.
(CVE-2016-2111)
Stefan M
Ubuntu
Samba regression
vendor_ubuntu · 2016-05-25 · CVSS 5.9 · MEDIUM
Summary: USN-2950-1 introduced a regression in Samba.
USN-2950-1 fixed vulnerabilities in Samba. USN-2950-3 updated Samba to
version 4.3.9, which introduced a regression when using the ntlm_auth tool.
This update fixes the problem.
Original advisory details:
Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a
machine-in-the-middle attack, or possibly execute arbitrary code.
(CVE-2015-5370)
Stefan Metzmacher discovered that Samba contained multiple flaws in the
NTLMSSP authentication implementation. A remote attacker could use this
issue to downgrade connections to plain text by performing a
machine-in-the-
Ubuntu
Samba regressions
vendor_ubuntu · 2016-05-18 · CVSS 5.9 · MEDIUM
Summary: USN-2950-1 introduced regressions in Samba.
USN-2950-1 fixed vulnerabilities in Samba. The backported fixes introduced
in Ubuntu 12.04 LTS caused interoperability issues. This update fixes
compatibility with certain NAS devices, and allows connecting to Samba 3.6
servers by relaxing the "client ipc signing" parameter to "auto".
We apologize for the inconvenience.
Original advisory details:
Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a
machine-in-the-middle attack, or possibly execute arbitrary code.
(CVE-2015-5370)
Stefan Metzmacher discovered that Samba contained multiple flaws in the
NTL
Ubuntu
libsoup update
vendor_ubuntu · 2016-05-04 · CVSS 5.9 · MEDIUM
Summary: This update fixes libsoup NTLM authentication.
USN-2950-1 fixed vulnerabilities in Samba. The updated Samba packages
introduced a compatibility issue with NTLM authentication in libsoup. This
update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a
machine-in-the-middle attack, or possibly execute arbitrary code.
(CVE-2015-5370)
Stefan Metzmacher discovered that Samba contained multiple flaws in the
NTLMSSP authentication implementation. A remote attacker could use this
issue to downgrade connections to plain text b
Ubuntu
Samba regressions
vendor_ubuntu · 2016-05-04 · CVSS 5.9 · MEDIUM
Summary: USN-2950-1 introduced regressions in Samba.
USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba
4.3.8 caused certain regressions and interoperability issues.
This update resolves some of these issues by updating to Samba 4.3.9 in
Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. Backported regression
fixes were added to Samba 3.6.25 in Ubuntu 12.04 LTS.
This advisory was inadvertently published as USN-2950-2 originally.
Original advisory details:
Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a
machine-in-the-middle attack, or possibly execute arbitrary code.
(CVE-2015
Ubuntu
Samba vulnerabilities
vendor_ubuntu · 2016-04-18 · CVSS 5.9 · MEDIUM
Summary: Several security issues were fixed in Samba.
Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a
machine-in-the-middle attack, or possibly execute arbitrary code.
(CVE-2015-5370)
Stefan Metzmacher discovered that Samba contained multiple flaws in the
NTLMSSP authentication implementation. A remote attacker could use this
issue to downgrade connections to plain text by performing a
machine-in-the-middle attack. (CVE-2016-2110)
Alberto Solino discovered that a Samba domain controller would establish a
secure connection to a server with a spoofed computer name. A remote
attacker could use this is
Red Hat
samba: crash in dcesrv_auth_bind_ack due to missing error check
vendor_redhat · 2016-04-12 · CVSS 5.9 · MEDIUM
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors.
Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attack
Debian
CVE-2015-5370: samba - Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does...
vendor_debian · 2015 · CVSS 5.9 · MEDIUM
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 2:4.3.7+dfsg-1)
bullseye: resolved (fixed in 2:4.3.7+dfsg-1)
forky: resolved (fixed in 2:4.3.7+dfsg-1)
sid: resolved (fixed in 2:4.3.7+dfsg-1)
trixie: resolved (fixed in 2:4.3.7+dfsg-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2114 CVE-2016-2115 CVE-2016-2118 samba: various flaws [fedora-all]
bugzilla · 2016-04-12 · CVSS 5.9 · MEDIUM
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commi
Bugzilla
CVE-2015-5370 samba: crash in dcesrv_auth_bind_ack due to missing error check
bugzilla · 2016-02-19 · CVSS 5.9 · MEDIUM
Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote authenticated attacker could use this flaw to cause denial of service against the Samba server (high CPU or even a server crash) or even execute arbitrary code with the permissions of the user running the Samba server (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory object and compromising the security of a Samba AD DC.
The above applies to all possible server roles Samba can operate in.
Discussion:
Acknowledgements:
Name: the Samba project
Upstream: Jouni Knuutinen (Synopsis)
---
External Reference:
https://access.redhat.com/article
arXiv
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware
arxiv_fulltext · 2022-12-29
## Abstract
Currently, the development of IoT firmware heavily depends on third-party components (TPCs) to improve development efficiency. Nevertheless, TPCs are not secure, and the vulnerabilities in TPCs will influence the security of IoT firmware. Existing works pay less attention to the vulnerabilities caused by TPCs, and we still lack a comprehensive understanding of the security impact of TPC vulnerability against firmware. To fill in the knowledge gap, we design and implement , which leverages syntactical features and control-flow graph features to detect the TPCs in firmware, and then recognizes the corresponding vulnerabilities. Based on , we present the first l