CVE-2015-7540
HIGHSamba 4.0.0-4.1.21 - Denial of Service via LDAP ASN.1 Memory Allocation
Title source: llmDescription
The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets.
References (14)
Core 14
Core References
Various Sources x_refsource_confirm
https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=9d989c9dd7a5b92d0c5d65287935471b83b6e884
Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2855-2
Third Party Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Various Sources x_refsource_confirm
https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=530d50a1abdcdf4d1775652d4c456c1274d83d8d
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1034492
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/79736
Vendor Advisory x_refsource_confirm
https://www.samba.org/samba/security/CVE-2015-7540.html
Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2016/dsa-3433
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201612-47
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2855-1
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1288451
Scores
CVSS v3
7.5
EPSS
0.3960
EPSS Percentile
97.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-399
Status
published
Products (7)
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
15.04
canonical/ubuntu_linux
15.10
debian/debian_linux
7.0
debian/debian_linux
8.0
samba/samba
4.0.0 - 4.1.22
Published
Dec 29, 2015
Tracked Since
Feb 18, 2026