CVE-2015-7540

Priority
Description
The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does
not check return values to ensure successful ASN.1 memory allocation, which
allows remote attackers to cause a denial of service (memory consumption
and daemon crash) via crafted packets.
Assigned-to
mdeslaur
Notes
mdeslaur: says 4.0.0 to 4.1.21
Package
Source: samba (LP Ubuntu Debian)
Upstream: released (4.1.22)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (2:3.6.3-2ubuntu2.12)
Ubuntu 14.04 ESM (Trusty Tahr): released (2:4.1.6+dfsg-1ubuntu2.14.04.11)
Ubuntu 16.04 LTS (Xenial Xerus): released (2:4.3.3+dfsg-1ubuntu1)
Patches:
Upstream: https://git.samba.org/?p=samba.git;a=commit;h=530d50a1abdcdf4d1775652d4c456c1274d83d8d (4.1)
Upstream: https://git.samba.org/?p=samba.git;a=commit;h=9d989c9dd7a5b92d0c5d65287935471b83b6e884 (4.1)
Package
Upstream: released (4.1.22)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE

Updated: 2019-12-05 18:42:56 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)