Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2015-3223

Опубликовано: 29 дек. 2015
Источник: debian

Описание

The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
sambafixed2:4.1.22+dfsg-1package
sambanot-affectedwheezypackage
sambanot-affectedsqueezepackage
ldbfixed2:1.1.24-1package
ldbfixed2:1.1.17-2+deb8u1jessiepackage
ldbno-dsawheezypackage
ldbno-dsasqueezepackage

Примечания

  • https://www.samba.org/samba/security/CVE-2015-3223.html

  • https://git.samba.org/?p=samba.git;a=commit;h=fb456954f332c07a645226d59b3b00ec252f8b26 (v4-1-stable)

  • https://git.samba.org/?p=samba.git;a=commit;h=bb1b783ee9d7259cfc6a1fe882f22189747f8684 (v4-1-stable)

  • Samba update needs as well fixed ldb

Связанные уязвимости

ubuntu логотип

CVE-2015-3223

CVSS3: 5.3
ubuntu
почти 10 лет назад

The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.

redhat логотип

CVE-2015-3223

redhat
почти 10 лет назад

The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.

nvd логотип

CVE-2015-3223

CVSS3: 5.3
nvd
почти 10 лет назад

The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.

github логотип

GHSA-mfhq-m29x-g5ww

CVSS3: 5.3
github
больше 3 лет назад

The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.

fstec логотип

BDU:2021-01299

CVSS3: 5.3
fstec
почти 10 лет назад

Уязвимость функции ldb_wildcard_compare пакета программ сетевого взаимодействия Samba, связанная с ошибкой в обработке чисел, позволяющая нарушителю вызвать отказ в обслуживании