CVE-2015-7540
PUBLISHED
The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets.
EPSS 39.60% · 97.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | samba | 0, 2:4.0.10+dfsg-4ubuntu2, 2:4.0.13+dfsg-1ubuntu1 |
| Ubuntu:16.04:LTS | samba | 2:4.1.17+dfsg-4ubuntu2, 2:4.1.20+dfsg-1ubuntu1, 2:4.1.20+dfsg-1ubuntu2 |
Exploit Intelligence
- https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=9d989c9dd7a5b92d0c5d65287935471b83b6e884 (circl)
- FEDORA-2015-0e0879cc8a (circl)
- USN-2855-2 (circl)
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html (circl)
- https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=530d50a1abdcdf4d1775652d4c456c1274d83d8d (circl)
- 1034492 (circl)
- 79736 (circl)
- https://www.samba.org/samba/security/CVE-2015-7540.html (circl)
- FEDORA-2015-b36076d32e (circl)
- DSA-3433 (circl)
…and 4 more exploits
Timeline
- Dec 16, 2015 CVE Published
- Feb 4, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Apr 2, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
- Nov 8, 2023 EPSS Score
- Feb 12, 2024 EPSS Score
- Apr 4, 2024 EPSS Score
References
- https://ubuntu.com/security/CVE-2015-7540 third-party-advisory
- https://www.samba.org/samba/security/CVE-2015-7540.html third-party-advisory
- https://ubuntu.com/security/notices/USN-2855-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2015-7540 third-party-advisory