CVE-2015-5330 Information

Feb 14, 2021 cve

Description

ldb before 1.1.24 as used in the AD LDAP server in Samba 4.x before 4.1.22 4.2.x before 4.2.7 and 4.3.x before 4.3.3 mishandles string lengths which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html http://www.debian.org/security/2016/dsa-3433 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/79734 http://www.securitytracker.com/id/1034493 http://www.ubuntu.com/usn/USN-2855-1 http://www.ubuntu.com/usn/USN-2855-2 http://www.ubuntu.com/usn/USN-2856-1 https://bugzilla.redhat.com/show_bug.cgi?id=1281326 https://git.samba.org/?p=samba.git;a=commit;h=0454b95657846fcecf0f51b6f1194faac02518bd https://git.samba.org/?p=samba.git;a=commit;h=538d305de91e34a2938f5f219f18bf0e1918763f https://git.samba.org/?p=samba.git;a=commit;h=7f51ec8c4ed9ba1f53d722e44fb6fb3cde933b72 https://git.samba.org/?p=samba.git;a=commit;h=a118d4220ed85749c07fb43c1229d9e2fecbea6b https://git.samba.org/?p=samba.git;a=commit;h=ba5dbda6d0174a59d221c45cca52ecd232820d48 https://git.samba.org/?p=samba.git;a=commit;h=f36cb71c330a52106e36028b3029d952257baf15 https://security.gentoo.org/glsa/201612-47 https://www.samba.org/samba/security/CVE-2015-5330.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5

Share on: