CVE-2015-3223

Priority
Description
The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as
used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7,
and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote
attackers to cause a denial of service (infinite loop) via crafted packets.
Assigned-to
mdeslaur
Notes
mdeslaur: says 4.0.0 to 4.3.2, need to check precise
mdeslaur: may require ldb update
Package
Source: ldb (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was released [1:1.1.4-1ubuntu0.1])
Ubuntu 14.04 ESM (Trusty Tahr): released (1:1.1.16-1ubuntu0.1)
Ubuntu 16.04 LTS (Xenial Xerus): released (2:1.1.24-1ubuntu1)
Package
Source: samba (LP Ubuntu Debian)
Upstream: released (4.3.3, 4.2.7, 4.1.22)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (2:3.6.3-2ubuntu2.12)
Ubuntu 14.04 ESM (Trusty Tahr): released (2:4.1.6+dfsg-1ubuntu2.14.04.11)
Ubuntu 16.04 LTS (Xenial Xerus): released (2:4.3.3+dfsg-1ubuntu1)
Patches:
Upstream: https://git.samba.org/?p=samba.git;a=commit;h=fb456954f332c07a645226d59b3b00ec252f8b26 (4.1)
Upstream: https://git.samba.org/?p=samba.git;a=commit;h=bb1b783ee9d7259cfc6a1fe882f22189747f8684 (4.1)
Package
Upstream: released (4.3.3, 4.2.7, 4.1.22)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE

Updated: 2019-12-05 18:41:04 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)