Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2015-5370

Disclosure Date: April 25, 2016
CVE-2015-5370
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2015-5370 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5370)
Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html
http://rhn.redhat.com/errata/RHSA-2016-0612.html
USN-2950-1 (http://www.ubuntu.com/usn/USN-2950-1)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.html
http://rhn.redhat.com/errata/RHSA-2016-0613.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
USN-2950-5 (http://www.ubuntu.com/usn/USN-2950-5)
https://www.samba.org/samba/history/samba-4.2.10.html
FEDORA-2016-be53260726 (http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html)
http://rhn.redhat.com/errata/RHSA-2016-0624.html
http://rhn.redhat.com/errata/RHSA-2016-0618.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html
https://www.samba.org/samba/latest_news.html#4.4.2
SECTRACK-1035533 (http://www.securitytracker.com/id/1035533)
FEDORA-2016-48b3761baa (http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html)
http://rhn.redhat.com/errata/RHSA-2016-0614.html
https://www.samba.org/samba/security/CVE-2015-5370.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.html
http://rhn.redhat.com/errata/RHSA-2016-0620.html
http://rhn.redhat.com/errata/RHSA-2016-0611.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
https://bto.bluecoat.com/security-advisory/sa122
USN-2950-3 (http://www.ubuntu.com/usn/USN-2950-3)
FEDORA-2016-383fce04e2 (http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
http://rhn.redhat.com/errata/RHSA-2016-0619.html
DSA-3548 (http://www.debian.org/security/2016/dsa-3548)
USN-2950-2 (http://www.ubuntu.com/usn/USN-2950-2)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399
USN-2950-4 (http://www.ubuntu.com/usn/USN-2950-4)
Miscellaneous
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012
http://badlock.org

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis