5.3

CVE-2015-3223

The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaSamba Version4.0.0
SambaSamba Version4.0.1
SambaSamba Version4.0.2
SambaSamba Version4.0.3
SambaSamba Version4.0.4
SambaSamba Version4.0.5
SambaSamba Version4.0.6
SambaSamba Version4.0.7
SambaSamba Version4.0.8
SambaSamba Version4.0.9
SambaSamba Version4.0.10
SambaSamba Version4.0.11
SambaSamba Version4.0.12
SambaSamba Version4.0.13
SambaSamba Version4.0.14
SambaSamba Version4.0.15
SambaSamba Version4.0.16
SambaSamba Version4.0.17
SambaSamba Version4.0.18
SambaSamba Version4.0.19
SambaSamba Version4.0.20
SambaSamba Version4.0.21
SambaSamba Version4.0.22
SambaSamba Version4.0.23
SambaSamba Version4.0.24
SambaSamba Version4.1.0
SambaSamba Version4.1.1
SambaSamba Version4.1.2
SambaSamba Version4.1.3
SambaSamba Version4.1.4
SambaSamba Version4.1.5
SambaSamba Version4.1.6
SambaSamba Version4.1.7
SambaSamba Version4.1.8
SambaSamba Version4.1.9
SambaSamba Version4.1.10
SambaSamba Version4.1.11
SambaSamba Version4.1.12
SambaSamba Version4.1.13
SambaSamba Version4.1.14
SambaSamba Version4.1.15
SambaSamba Version4.1.16
SambaSamba Version4.1.17
SambaSamba Version4.1.18
SambaSamba Version4.1.19
SambaSamba Version4.1.20
SambaSamba Version4.1.21
SambaSamba Version4.2.0
SambaSamba Version4.2.1
SambaSamba Version4.2.2
SambaSamba Version4.2.3
SambaSamba Version4.2.4
SambaSamba Version4.2.5
SambaSamba Version4.2.6
SambaSamba Version4.3.0
SambaSamba Version4.3.1
SambaSamba Version4.3.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.88% 0.933
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html
http://www.debian.org/security/2016/dsa-3433
http://www.securityfocus.com/bid/79731
http://www.securitytracker.com/id/1034493
http://www.ubuntu.com/usn/USN-2855-1
http://www.ubuntu.com/usn/USN-2855-2
http://www.ubuntu.com/usn/USN-2856-1
https://bugzilla.redhat.com/show_bug.cgi?id=1290287
https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=aa6c27148b9d3f8c1e4fdd5dd46bfecbbd0ca465
https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=ec504dbf69636a554add1f3d5703dd6c3ad450b8
https://security.gentoo.org/glsa/201612-47
https://www.samba.org/samba/security/CVE-2015-3223.html
Vendor Advisory