Vulnerability identifier: #VU33812
Vulnerability risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Samba
Server applications /
Directory software, identity management
Vendor: Samba
Description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Samba: 3.4.0 - 3.4.17, 4.0.0 - 4.0.26, 4.1.0 - 4.1.21
External links
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
http://www.debian.org/security/2016/dsa-3433
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/79731
http://www.securitytracker.com/id/1034493
http://www.ubuntu.com/usn/USN-2855-1
http://www.ubuntu.com/usn/USN-2855-2
http://www.ubuntu.com/usn/USN-2856-1
http://bugzilla.redhat.com/show_bug.cgi?id=1290287
http://git.samba.org/?p=samba.git;a=commit;h=aa6c27148b9d3f8c1e4fdd5dd46bfecbbd0ca465
http://git.samba.org/?p=samba.git;a=commit;h=ec504dbf69636a554add1f3d5703dd6c3ad450b8
http://security.gentoo.org/glsa/201612-47
http://www.samba.org/samba/security/CVE-2015-3223.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.