CVE-2015-5370

Impact:
Critical
Public Date:
2016-04-12
Bugzilla:
1309987: CVE-2015-5370 samba: crash in dcesrv_auth_bind_ack due to missing error check
Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC).

Find out more about CVE-2015-5370 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score: 8.5
Base Metrics: AV:N/AC:M/Au:S/C:C/I:C/A:C
Access Vector: Network
Access Complexity: Medium
Authentication: Single
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux Extended Update Support 7.1 (samba) | RHSA-2016:0618 | 2016-04-13
Red Hat Enterprise Linux Extended Update Support 6.6 (samba) | RHSA-2016:0619 | 2016-04-12
Red Hat Gluster 3 Samba on RHEL-6 (samba) | RHSA-2016:0614 | 2016-04-12
Red Hat Enterprise Linux Advanced Update Support 6.5 (samba) | RHSA-2016:0619 | 2016-04-12
Red Hat Enterprise Linux 6 (samba4) | RHSA-2016:0612 | 2016-04-13
Red Hat Enterprise Linux Advanced Update Support 6.2 (samba) | RHSA-2016:0619 | 2016-04-12
Red Hat Enterprise Linux 6 (samba) | RHSA-2016:0611 | 2016-04-12
Red Hat Gluster 3 Samba on RHEL-7 (samba) | RHSA-2016:0614 | 2016-04-12
Red Hat Enterprise Linux Advanced Update Support 6.4 (samba4) | RHSA-2016:0620 | 2016-04-12
Red Hat Enterprise Linux Long Life (v. 5.9 server) (samba3x) | RHSA-2016:0624 | 2016-04-12
Red Hat Gluster Storage Server 3.1 on RHEL-6 (libldb) | RHSA-2016:0614 | 2016-04-12
Red Hat Enterprise Linux Advanced Update Support 6.5 (samba4) | RHSA-2016:0620 | 2016-04-12
Red Hat Enterprise Linux 5 (samba3x) | RHSA-2016:0613 | 2016-04-12
Red Hat Enterprise Linux Advanced Update Support 6.2 (samba4) | RHSA-2016:0620 | 2016-04-12
Red Hat Enterprise Linux 7 (samba) | RHSA-2016:0612 | 2016-04-13
Red Hat Enterprise Linux Extended Update Support 6.6 (samba4) | RHSA-2016:0620 | 2016-04-12
Red Hat Enterprise Linux Advanced Update Support 6.4 (samba) | RHSA-2016:0619 | 2016-04-12
Red Hat Enterprise Linux Long Life (v. 5.6 server) (samba3x) | RHSA-2016:0624 | 2016-04-12

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux 5 | samba | Not affected
Red Hat Enterprise Linux 4 | samba | Not affected

Acknowledgements

Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter.
