Bugzilla – Bug 958580
VUL-0: CVE-2015-7540: samba: Bogus LDAP request causes samba to use all the memory and be OOM-killed
Last modified: 2016-03-01 13:19:55 UTC
4.2 and 4.3 are not affected (it was already fixed there)
An update workflow for this issue was started. This issue was rated as "important". Please submit fixed packages until "Dec. 17, 2015". When done, reassign the bug to "security-team@suse.de". /update/121110/.
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-12-24. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62372
An update workflow for this issue was started. This issue was rated as "important". Please submit fixed packages until "Dec. 17, 2015". When done, reassign the bug to "security-team@suse.de". /update/62372/.
bugbot adjusting priority
is public https://www.samba.org/samba/security/CVE-2015-7540.html

===========================================================
== Subject: Remote DoS in Samba (AD) LDAP server.
==
== CVE ID#: CVE-2015-7540
==
== Versions: Samba 4.0.0 to 4.1.21
==
== Summary: Malicious request can cause Samba LDAP server
== to crash.
==
===========================================================

===========
Description
===========

All versions of Samba from 4.0.0 to 4.1.21 inclusive are vulnerable to an anonymous memory exhaustion attack in the samba daemon LDAP server. A malicious client can send packets that cause the LDAP server provided by the AD DC in the samba daemon process to consume unlimited memory and be terminated.

==================
Patch Availability
==================

Patches addressing this defect have been posted to https://www.samba.org/samba/history/security.html

Additionally, Samba 4.1.22 has been issued as a security release to correct the defect. Samba vendors and administrators running affected versions are advised to upgrade or apply the patch as soon as possible.

==========
Workaround
==========

None.

=======
Credits
=======

This problem was found by the Codenomicon Defensics product http://www.codenomicon.com, now part of Synopsys. Jeremy Allison of Google and the Samba Team provided the fix into Samba master in Sep 2014. It was found to address this issue by Ralph Böhme of SerNet and the Samba Team.
openSUSE-SU-2015:2356-1: An update that solves 7 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 939050,939051,949022,951660,953382,954658,958580,958581,958582,958583,958584,958585,958586
CVE References: CVE-2015-3223,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330,CVE-2015-7540,CVE-2015-8467

Sources used:
openSUSE 13.2 (src): ldb-1.1.24-3.4.1, samba-4.1.22-21.1, talloc-2.1.5-2.6.1, tdb-1.3.8-3.1, tevent-0.9.26-3.1
openSUSE 13.1 (src): ldb-1.1.24-3.7.1, samba-4.1.22-3.46.1, talloc-2.1.5-7.10.1, tdb-1.3.8-4.7.1, tevent-0.9.26-4.7.1
As we do not build the Samba AD LDAP server, we do not ship the vulnerable binaries.
Note posted to CVE page.