CVE-2015-7540 — Allocation of Resources Without Limits or Throttling in Samba

CWE-399 CWE-770 — Allocation of Resources Without Limits or Throttling11 documents7 sources

Severity

7.5HIGHNVD

OSV5.3

EPSS

43.3%

top 2.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba Canonical Ubuntu Linux +1 more

Timeline

PublishedDec 29

Latest updateMay 17

Description

The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDsamba/samba4.0.0 — 4.1.22

▶debiandebian/samba< samba 2:4.1.22+dfsg-1 (bookworm)

▶Debiansamba/samba< 2:4.1.22+dfsg-1+3

▶Ubuntusamba/samba< 2:4.1.6+dfsg-1ubuntu2.14.04.11+1

Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 12.04, 14.04, 15.04, 15.10

🔴Vulnerability Details

GHSA

GHSA-7m2w-hp2f-cmqp: The LDAP server in the AD domain controller in Samba 4↗2022-05-17

▶

OSV

samba regression↗2016-02-16

▶

OSV

samba vulnerabilities↗2016-01-05

▶

OSV

CVE-2015-7540: The LDAP server in the AD domain controller in Samba 4↗2015-12-29

▶

📋Vendor Advisories

Ubuntu

Samba regression↗2016-02-16

▶

Ubuntu

Samba vulnerabilities↗2016-01-05

▶

Red Hat

samba: DoS to AD-DC due to insufficient checking of asn1 memory allocation↗2015-12-16

▶

Debian

CVE-2015-7540: samba - The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not ...↗2015

▶

💬Community

Bugzilla

CVE-2015-5299 CVE-2015-7540 CVE-2015-3223 CVE-2015-5252 CVE-2015-5296 samba: various flaws [fedora-all]↗2015-12-16

▶

Bugzilla

CVE-2015-7540 samba: DoS to AD-DC due to insufficient checking of asn1 memory allocation↗2015-12-04

▶