CVE-2015-7540 in Ubuntu

CVE-2015-7540

Priority

Description

The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does
not check return values to ensure successful ASN.1 memory allocation, which
allows remote attackers to cause a denial of service (memory consumption
and daemon crash) via crafted packets.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7540
https://www.samba.org/samba/security/CVE-2015-7540.html
https://usn.ubuntu.com/usn/usn-2855-1

Bugs

https://bugzilla.samba.org/show_bug.cgi?id=9187

Assigned-to

mdeslaur

Notes

mdeslaur

says 4.0.0 to 4.1.21

Package

Source: samba (LP Ubuntu Debian)

Upstream:	released (4.1.22)
Ubuntu 12.04 ESM (Precise Pangolin):	not-affected (2:3.6.3-2ubuntu2.12)
Ubuntu 14.04 ESM (Trusty Tahr):	released (2:4.1.6+dfsg-1ubuntu2.14.04.11)
Ubuntu 16.04 LTS (Xenial Xerus):	released (2:4.3.3+dfsg-1ubuntu1)

Patches:

Upstream:	https://git.samba.org/?p=samba.git;a=commit;h=530d50a1abdcdf4d1775652d4c456c1274d83d8d (4.1)
Upstream:	https://git.samba.org/?p=samba.git;a=commit;h=9d989c9dd7a5b92d0c5d65287935471b83b6e884 (4.1)

Package

Source: samba4 (LP Ubuntu Debian)

Upstream:	released (4.1.22)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

More Information

Updated: 2019-12-05 18:42:56 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)