Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2015-5330

Disclosure Date: December 29, 2015
CVE-2015-5330
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • samba

Products

  • samba 4.0.0,
  • samba 4.0.1,
  • samba 4.0.10,
  • samba 4.0.11,
  • samba 4.0.12,
  • samba 4.0.13,
  • samba 4.0.14,
  • samba 4.0.15,
  • samba 4.0.16,
  • samba 4.0.17,
  • samba 4.0.18,
  • samba 4.0.19,
  • samba 4.0.2,
  • samba 4.0.20,
  • samba 4.0.21,
  • samba 4.0.22,
  • samba 4.0.23,
  • samba 4.0.24,
  • samba 4.0.3,
  • samba 4.0.4,
  • samba 4.0.5,
  • samba 4.0.6,
  • samba 4.0.7,
  • samba 4.0.8,
  • samba 4.0.9,
  • samba 4.1.0,
  • samba 4.1.1,
  • samba 4.1.10,
  • samba 4.1.11,
  • samba 4.1.12,
  • samba 4.1.13,
  • samba 4.1.14,
  • samba 4.1.15,
  • samba 4.1.16,
  • samba 4.1.17,
  • samba 4.1.18,
  • samba 4.1.19,
  • samba 4.1.2,
  • samba 4.1.20,
  • samba 4.1.21,
  • samba 4.1.3,
  • samba 4.1.4,
  • samba 4.1.5,
  • samba 4.1.6,
  • samba 4.1.7,
  • samba 4.1.8,
  • samba 4.1.9,
  • samba 4.2.0,
  • samba 4.2.1,
  • samba 4.2.2,
  • samba 4.2.3,
  • samba 4.2.4,
  • samba 4.2.5,
  • samba 4.2.6,
  • samba 4.3.0,
  • samba 4.3.1,
  • samba 4.3.2

References

Canonical
CVE-2015-5330 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5330)
BID-79734 (http://www.securityfocus.com/bid/79734)
Advisory
https://git.samba.org?p=samba.git;a=commit;h=f36cb71c330a52106e36028b3029d952257baf15
https://git.samba.org?p=samba.git;a=commit;h=ba5dbda6d0174a59d221c45cca52ecd232820d48
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
USN-2855-2 (http://www.ubuntu.com/usn/USN-2855-2)
https://git.samba.org?p=samba.git;a=commit;h=a118d4220ed85749c07fb43c1229d9e2fecbea6b
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html
USN-2856-1 (http://www.ubuntu.com/usn/USN-2856-1)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html
https://bugzilla.redhat.com/show_bug.cgi?id=1281326
https://git.samba.org?p=samba.git;a=commit;h=0454b95657846fcecf0f51b6f1194faac02518bd
https://www.samba.org/samba/security/CVE-2015-5330.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html
https://git.samba.org?p=samba.git;a=commit;h=538d305de91e34a2938f5f219f18bf0e1918763f
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
SECTRACK-1034493 (http://www.securitytracker.com/id/1034493)
DSA-3433 (http://www.debian.org/security/2016/dsa-3433)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
GLSA-201612-47 (https://security.gentoo.org/glsa/201612-47)
USN-2855-1 (http://www.ubuntu.com/usn/USN-2855-1)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html
https://git.samba.org?p=samba.git;a=commit;h=7f51ec8c4ed9ba1f53d722e44fb6fb3cde933b72

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis