CVE-2015-5330

Priority
Description
ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before
4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string
lengths, which allows remote attackers to obtain sensitive information from
daemon heap memory by sending crafted packets and then reading (1) an error
message or (2) a database value.
Assigned-to
mdeslaur
Notes
mdeslaur> 4.0.0 to 4.3.2, but 3.6 may also need patch
may require ldb-1.1.24
3.6 patch in upstream bug
Package
Source: ldb
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was released [1:1.1.4-1ubuntu0.1])
Ubuntu 14.04 ESM (Trusty Tahr): released (1:1.1.16-1ubuntu0.1)
Ubuntu 16.04 LTS (Xenial Xerus): released (2:1.1.24-1ubuntu1)
Package
Upstream: released (4.3.3, 4.2.7, 4.1.22)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE

Updated: 2019-12-05 18:42:23 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)