CVE-2015-3223

EUVD-2015-3283
The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Affected Products (NVD)
VendorProductVersion
sambasamba
4.0.0
sambasamba
4.0.1
sambasamba
4.0.2
sambasamba
4.0.3
sambasamba
4.0.4
sambasamba
4.0.5
sambasamba
4.0.6
sambasamba
4.0.7
sambasamba
4.0.8
sambasamba
4.0.9
sambasamba
4.0.10
sambasamba
4.0.11
sambasamba
4.0.12
sambasamba
4.0.13
sambasamba
4.0.14
sambasamba
4.0.15
sambasamba
4.0.16
sambasamba
4.0.17
sambasamba
4.0.18
sambasamba
4.0.19
sambasamba
4.0.20
sambasamba
4.0.21
sambasamba
4.0.22
sambasamba
4.0.23
sambasamba
4.0.24
sambasamba
4.1.0
sambasamba
4.1.1
sambasamba
4.1.2
sambasamba
4.1.3
sambasamba
4.1.4
sambasamba
4.1.5
sambasamba
4.1.6
sambasamba
4.1.7
sambasamba
4.1.8
sambasamba
4.1.9
sambasamba
4.1.10
sambasamba
4.1.11
sambasamba
4.1.12
sambasamba
4.1.13
sambasamba
4.1.14
sambasamba
4.1.15
sambasamba
4.1.16
sambasamba
4.1.17
sambasamba
4.1.18
sambasamba
4.1.19
sambasamba
4.1.20
sambasamba
4.1.21
sambasamba
4.2.0
sambasamba
4.2.1
sambasamba
4.2.2
sambasamba
4.2.3
sambasamba
4.2.4
sambasamba
4.2.5
sambasamba
4.2.6
sambasamba
4.3.0
sambasamba
4.3.1
sambasamba
4.3.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ldb
bullseye
2:2.2.3-2~deb11u2
fixed
bullseye (security)
2:2.2.3-2~deb11u2
fixed
squeeze
no-dsa
wheezy
no-dsa
samba
bookworm
2:4.17.12+dfsg-0+deb12u1
fixed
bookworm (security)
2:4.17.12+dfsg-0+deb12u1
fixed
bullseye
2:4.13.13+dfsg-1~deb11u6
fixed
bullseye (security)
2:4.13.13+dfsg-1~deb11u6
fixed
sid
2:4.21.1+dfsg-2
fixed
squeeze
no-dsa
trixie
2:4.21.1+dfsg-2
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ldb
precise
Fixed 1:1.1.4-1ubuntu0.1
released
trusty
Fixed 1:1.1.16-1ubuntu0.1
released
vivid
Fixed 1:1.1.18-1ubuntu0.1
released
wily
Fixed 2:1.1.20-2ubuntu0.1
released
xenial
Fixed 2:1.1.24-1ubuntu1
released
yakkety
Fixed 2:1.1.24-1ubuntu1
released
zesty
Fixed 2:1.1.24-1ubuntu1
released
samba
precise
not-affected
trusty
Fixed 2:4.1.6+dfsg-1ubuntu2.14.04.11
released
vivid
Fixed 2:4.1.13+dfsg-4ubuntu3.1
released
wily
Fixed 2:4.1.17+dfsg-4ubuntu3.1
released
xenial
Fixed 2:4.3.3+dfsg-1ubuntu1
released
yakkety
Fixed 2:4.3.3+dfsg-1ubuntu1
released
zesty
Fixed 2:4.3.3+dfsg-1ubuntu1
released
samba4
precise
ignored
trusty
dne
vivid
dne
wily
dne
xenial
dne
yakkety
dne
zesty
dne
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
http://www.debian.org/security/2016/dsa-3433
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/79731
http://www.securitytracker.com/id/1034493
http://www.ubuntu.com/usn/USN-2855-1
http://www.ubuntu.com/usn/USN-2855-2
http://www.ubuntu.com/usn/USN-2856-1
https://bugzilla.redhat.com/show_bug.cgi?id=1290287
https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=aa6c27148b9d3f8c1e4fdd5dd46bfecbbd0ca465
https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=ec504dbf69636a554add1f3d5703dd6c3ad450b8
https://security.gentoo.org/glsa/201612-47
https://www.samba.org/samba/security/CVE-2015-3223.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
http://www.debian.org/security/2016/dsa-3433
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/79731
http://www.securitytracker.com/id/1034493
http://www.ubuntu.com/usn/USN-2855-1
http://www.ubuntu.com/usn/USN-2855-2
http://www.ubuntu.com/usn/USN-2856-1
https://bugzilla.redhat.com/show_bug.cgi?id=1290287
https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=aa6c27148b9d3f8c1e4fdd5dd46bfecbbd0ca465
https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=ec504dbf69636a554add1f3d5703dd6c3ad450b8
https://security.gentoo.org/glsa/201612-47
https://www.samba.org/samba/security/CVE-2015-3223.html