<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<title>Samba - Security Announcement Archive</title>
<H2>CVE-2015-5330.html:</H2>
===========================================================
== Subject: Remote memory read in Samba LDAP server.
== CVE ID#: CVE-2015-5330
== Versions: Samba 4.0.0 to 4.3.2
== Summary: Malicious request can cause Samba LDAP server
== to return uninitialized memory that should not
== be part of the reply.
===========================================================

All versions of Samba from 4.0.0 to 4.3.2 inclusive (resp. all
ldb versions up to 1.1.23 inclusive) are vulnerable to
a remote memory read attack in the samba daemon LDAP server.

A malicious client can send packets that cause the LDAP server in the
samba daemon process to return heap memory beyond the length of the

This memory may contain data that the client should not be allowed to
see, allowing compromise of the server.

The memory may either be returned to the client in an error string, or
stored in the database by a suitably privileged user. If untrusted
users can create objects in your database, please confirm that all DN
and name attributes are reasonable. (A script to assist in this
search will be put in the wiki or bugzilla).
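
One way to run the DN and name check described above over an LDIF export of the directory, as an added example (it is not the script the advisory refers to, and not Samba project code). It assumes "reasonable" means valid UTF-8 with no control characters and that the attributes of interest are dn, name and cn; all function names are hypothetical.

```python
import base64
import unicodedata

CHECKED = {"dn", "name", "cn"}  # assumption: attributes treated as "DN and name"

def unfold(ldif_text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def why_unreasonable(value):
    """Return a reason if the raw bytes are not plain text, else None."""
    try:
        text = value.decode("utf-8")
    except UnicodeDecodeError:
        return "not valid UTF-8"
    for ch in text:
        if unicodedata.category(ch) == "Cc":
            return "control character U+%04X" % ord(ch)
    return None

def scan_ldif(ldif_text, attrs=CHECKED):
    """Return (record_dn, attribute, reason) for each checked value that fails."""
    findings, record_dn = [], None
    for line in unfold(ldif_text):
        attr, sep, rest = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        attr = attr.lower()
        try:  # "attr:: value" carries base64 in LDIF
            value = (base64.b64decode(rest[1:].strip(), validate=True)
                     if rest.startswith(":") else rest.strip().encode("utf-8"))
            reason = why_unreasonable(value)
        except ValueError:
            value, reason = b"", "undecodable value"
        if attr == "dn":
            record_dn = value.decode("utf-8", "backslashreplace")
        if attr in attrs and reason:
            findings.append((record_dn, attr, reason))
    return findings

# Constructed sample: one clean record, one whose name carries non-text bytes.
_BAD = base64.b64encode(b"bob\x00\x8f\x13").decode("ascii")
SAMPLE_LDIF = ("dn: CN=alice,DC=example,DC=com\nname: alice\n\n"
               "dn: CN=bob,DC=example,DC=com\nname:: " + _BAD + "\n")
```

Each tuple returned by `scan_ldif` names an object to review by hand; a hit is a candidate for inspection, not proof that the value came from leaked memory.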

Patches addressing this defect have been posted to

https://www.samba.org/samba/history/security.html

Additionally, Samba 4.3.3, 4.2.7 and 4.1.22 (resp. ldb 1.1.24)
have been issued as security releases to correct the defect.
Samba vendors and administrators running affected versions are
advised to upgrade or apply the patch as soon as possible.

This problem was found by Douglas Bagnall
<douglas.bagnall@catalyst.net.nz> of Catalyst (www.catalyst.net.nz),
who also provided the fix.