// For flags

CVE-2015-5370

samba: crash in dcesrv_auth_bind_ack due to missing error check

Severity Score

5.9
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors.

Samba 3.x y 4.x en versiones anteriores a 4.2.11, 4.3.x en versiones anteriores a 4.3.8 y 4.4.x en versiones anteriores a 4.4.2 no implementa correctamente la capa DCE-RPC, lo que permite a atacantes remotos llevar a cabo protocol-downgrade attacks, provocar una denegación de servicio (caída de aplicación o consumo de CPU), o posiblemente ejecutar código arbitrario en un sistema cliente a través de vectores no especificados.

Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC).

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-07-06 CVE Reserved
  • 2016-04-12 CVE Published
  • 2023-12-11 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (37)
URL Date SRC
URL Date SRC
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html 2016-12-03
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html 2016-12-03
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html 2016-12-03
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html 2016-12-03
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html 2016-12-03
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html 2016-12-03
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.html 2016-12-03
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.html 2016-12-03
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html 2016-12-03
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html 2016-12-03
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html 2016-12-03
http://rhn.redhat.com/errata/RHSA-2016-0611.html 2016-12-03
http://rhn.redhat.com/errata/RHSA-2016-0612.html 2016-12-03
http://rhn.redhat.com/errata/RHSA-2016-0613.html 2016-12-03
http://rhn.redhat.com/errata/RHSA-2016-0614.html 2016-12-03
http://rhn.redhat.com/errata/RHSA-2016-0618.html 2016-12-03
http://rhn.redhat.com/errata/RHSA-2016-0619.html 2016-12-03
http://rhn.redhat.com/errata/RHSA-2016-0620.html 2016-12-03
http://rhn.redhat.com/errata/RHSA-2016-0624.html 2016-12-03
http://www.debian.org/security/2016/dsa-3548 2016-12-03
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012 2016-12-03
http://www.ubuntu.com/usn/USN-2950-1 2016-12-03
http://www.ubuntu.com/usn/USN-2950-2 2016-12-03
http://www.ubuntu.com/usn/USN-2950-3 2016-12-03
http://www.ubuntu.com/usn/USN-2950-4 2016-12-03
http://www.ubuntu.com/usn/USN-2950-5 2016-12-03
https://access.redhat.com/security/cve/CVE-2015-5370 2016-04-12
https://bugzilla.redhat.com/show_bug.cgi?id=1309987 2016-04-12
https://access.redhat.com/articles/2243351 2016-04-12
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.6.0
Search vendor "Samba" for product "Samba" and version "3.6.0"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.6.1
Search vendor "Samba" for product "Samba" and version "3.6.1"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.6.2
Search vendor "Samba" for product "Samba" and version "3.6.2"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.6.3
Search vendor "Samba" for product "Samba" and version "3.6.3"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.6.4
Search vendor "Samba" for product "Samba" and version "3.6.4"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.6.5
Search vendor "Samba" for product "Samba" and version "3.6.5"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.6.6
Search vendor "Samba" for product "Samba" and version "3.6.6"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.6.7
Search vendor "Samba" for product "Samba" and version "3.6.7"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.6.8
Search vendor "Samba" for product "Samba" and version "3.6.8"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.6.9
Search vendor "Samba" for product "Samba" and version "3.6.9"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.6.10
Search vendor "Samba" for product "Samba" and version "3.6.10"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.6.11
Search vendor "Samba" for product "Samba" and version "3.6.11"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.6.12
Search vendor "Samba" for product "Samba" and version "3.6.12"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.6.13
Search vendor "Samba" for product "Samba" and version "3.6.13"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.6.14
Search vendor "Samba" for product "Samba" and version "3.6.14"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.6.15
Search vendor "Samba" for product "Samba" and version "3.6.15"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.6.16
Search vendor "Samba" for product "Samba" and version "3.6.16"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.6.17
Search vendor "Samba" for product "Samba" and version "3.6.17"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.6.18
Search vendor "Samba" for product "Samba" and version "3.6.18"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.6.19
Search vendor "Samba" for product "Samba" and version "3.6.19"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.6.20
Search vendor "Samba" for product "Samba" and version "3.6.20"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.6.21
Search vendor "Samba" for product "Samba" and version "3.6.21"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.6.22
Search vendor "Samba" for product "Samba" and version "3.6.22"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.6.23
Search vendor "Samba" for product "Samba" and version "3.6.23"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.6.24
Search vendor "Samba" for product "Samba" and version "3.6.24"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.6.25
Search vendor "Samba" for product "Samba" and version "3.6.25"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.0.0
Search vendor "Samba" for product "Samba" and version "4.0.0"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.0.1
Search vendor "Samba" for product "Samba" and version "4.0.1"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.0.2
Search vendor "Samba" for product "Samba" and version "4.0.2"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.0.3
Search vendor "Samba" for product "Samba" and version "4.0.3"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.0.4
Search vendor "Samba" for product "Samba" and version "4.0.4"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.0.5
Search vendor "Samba" for product "Samba" and version "4.0.5"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.0.6
Search vendor "Samba" for product "Samba" and version "4.0.6"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.0.7
Search vendor "Samba" for product "Samba" and version "4.0.7"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.0.8
Search vendor "Samba" for product "Samba" and version "4.0.8"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.0.9
Search vendor "Samba" for product "Samba" and version "4.0.9"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.0.10
Search vendor "Samba" for product "Samba" and version "4.0.10"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.0.11
Search vendor "Samba" for product "Samba" and version "4.0.11"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.0.12
Search vendor "Samba" for product "Samba" and version "4.0.12"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.0.13
Search vendor "Samba" for product "Samba" and version "4.0.13"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.0.14
Search vendor "Samba" for product "Samba" and version "4.0.14"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.0.15
Search vendor "Samba" for product "Samba" and version "4.0.15"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.0.16
Search vendor "Samba" for product "Samba" and version "4.0.16"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.0.17
Search vendor "Samba" for product "Samba" and version "4.0.17"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.0.18
Search vendor "Samba" for product "Samba" and version "4.0.18"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.0.19
Search vendor "Samba" for product "Samba" and version "4.0.19"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.0.20
Search vendor "Samba" for product "Samba" and version "4.0.20"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.0.21
Search vendor "Samba" for product "Samba" and version "4.0.21"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.0.22
Search vendor "Samba" for product "Samba" and version "4.0.22"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.0.23
Search vendor "Samba" for product "Samba" and version "4.0.23"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.0.24
Search vendor "Samba" for product "Samba" and version "4.0.24"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.0.25
Search vendor "Samba" for product "Samba" and version "4.0.25"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.0.26
Search vendor "Samba" for product "Samba" and version "4.0.26"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.1.0
Search vendor "Samba" for product "Samba" and version "4.1.0"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.1.1
Search vendor "Samba" for product "Samba" and version "4.1.1"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.1.2
Search vendor "Samba" for product "Samba" and version "4.1.2"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.1.3
Search vendor "Samba" for product "Samba" and version "4.1.3"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.1.4
Search vendor "Samba" for product "Samba" and version "4.1.4"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.1.5
Search vendor "Samba" for product "Samba" and version "4.1.5"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.1.6
Search vendor "Samba" for product "Samba" and version "4.1.6"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.1.7
Search vendor "Samba" for product "Samba" and version "4.1.7"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.1.8
Search vendor "Samba" for product "Samba" and version "4.1.8"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.1.9
Search vendor "Samba" for product "Samba" and version "4.1.9"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.1.10
Search vendor "Samba" for product "Samba" and version "4.1.10"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.1.11
Search vendor "Samba" for product "Samba" and version "4.1.11"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.1.12
Search vendor "Samba" for product "Samba" and version "4.1.12"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.1.13
Search vendor "Samba" for product "Samba" and version "4.1.13"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.1.14
Search vendor "Samba" for product "Samba" and version "4.1.14"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.1.15
Search vendor "Samba" for product "Samba" and version "4.1.15"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.1.16
Search vendor "Samba" for product "Samba" and version "4.1.16"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.1.17
Search vendor "Samba" for product "Samba" and version "4.1.17"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.1.18
Search vendor "Samba" for product "Samba" and version "4.1.18"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.1.19
Search vendor "Samba" for product "Samba" and version "4.1.19"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.1.20
Search vendor "Samba" for product "Samba" and version "4.1.20"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.1.21
Search vendor "Samba" for product "Samba" and version "4.1.21"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.1.22
Search vendor "Samba" for product "Samba" and version "4.1.22"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.1.23
Search vendor "Samba" for product "Samba" and version "4.1.23"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.2.0
Search vendor "Samba" for product "Samba" and version "4.2.0"
rc1
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.2.0
Search vendor "Samba" for product "Samba" and version "4.2.0"
rc2
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.2.0
Search vendor "Samba" for product "Samba" and version "4.2.0"
rc3
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.2.0
Search vendor "Samba" for product "Samba" and version "4.2.0"
rc4
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.2.1
Search vendor "Samba" for product "Samba" and version "4.2.1"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.2.2
Search vendor "Samba" for product "Samba" and version "4.2.2"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.2.3
Search vendor "Samba" for product "Samba" and version "4.2.3"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.2.4
Search vendor "Samba" for product "Samba" and version "4.2.4"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.2.5
Search vendor "Samba" for product "Samba" and version "4.2.5"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.2.6
Search vendor "Samba" for product "Samba" and version "4.2.6"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.2.7
Search vendor "Samba" for product "Samba" and version "4.2.7"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.2.8
Search vendor "Samba" for product "Samba" and version "4.2.8"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.2.9
Search vendor "Samba" for product "Samba" and version "4.2.9"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.3.0
Search vendor "Samba" for product "Samba" and version "4.3.0"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.3.1
Search vendor "Samba" for product "Samba" and version "4.3.1"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.3.2
Search vendor "Samba" for product "Samba" and version "4.3.2"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.3.3
Search vendor "Samba" for product "Samba" and version "4.3.3"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.3.4
Search vendor "Samba" for product "Samba" and version "4.3.4"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.3.5
Search vendor "Samba" for product "Samba" and version "4.3.5"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.3.6
Search vendor "Samba" for product "Samba" and version "4.3.6"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
4.4.0
Search vendor "Samba" for product "Samba" and version "4.4.0"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
14.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"
lts
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
15.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "15.10"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
16.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"
lts
Affected