
Debian: DSA-3433-1 Critical: Samba Denial Of Service Vulnerabilities

January 2, 2016
Critical Samba flaws resolved in Debian DSA-3433-2 along with a series of security patches advised for all users.
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix.

Summary

CVE-2015-3223

Thilo Uttendorfer of Linux Information Systems AG discovered that a
malicious request can cause the Samba LDAP server to hang, spinning
using CPU. A remote attacker can take advantage of this flaw to
mount a denial of service.

CVE-2015-5252

Jan "Yenya" Kasprzak and the Computer Systems Unit team at Faculty
of Informatics, Masaryk University discovered that insufficient
symlink verification could allow data access outside an exported
share path.

CVE-2015-5296

Stefan Metzmacher of SerNet discovered that Samba does not ensure
that signing is negotiated when creating an encrypted client
connection to a server. This allows a man-in-the-middle attacker to
downgrade the connection and connect using the supplied credentials
as an unsigned, unencrypted connection.

CVE-2015-5299

It was discovered that a missing access control check in the VFS
shadow_copy2 module could allow unauthorized users to access
snapshots.

CVE-2015-5330

Dougl...


Severity: critical

Package: samba
CVE ID: CVE-2015-3223 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299
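
For CVE-2015-5252 above, an administrator may want to know which symlinks inside an exported share resolve outside the share path. The audit below is an added example, not code from the advisory or from Samba; the function names and the directory layout it builds are constructed for illustration.

```python
import os
import tempfile

def naive_prefix_inside(share_root, path):
    """Flawed check kept for contrast: raw string-prefix comparison."""
    return os.path.realpath(path).startswith(os.path.realpath(share_root))

def escapes_share(share_root, path):
    """True if `path`, with symlinks resolved, lies outside `share_root`."""
    root = os.path.realpath(share_root)
    target = os.path.realpath(path)
    # commonpath compares whole components, so /x/share1 is not "inside" /x/share.
    return os.path.commonpath([root, target]) != root

def audit_share(share_root):
    """Return sorted share-relative paths of symlinks that resolve outside the share."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(share_root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) and escapes_share(share_root, full):
                findings.append(os.path.relpath(full, share_root))
    return sorted(findings)

def build_demo_tree(base):
    """Constructed sample layout (not from the advisory); returns the share path."""
    share = os.path.join(base, "share")
    sibling = os.path.join(base, "share1")  # same string prefix as the share
    os.makedirs(os.path.join(share, "docs"))
    os.makedirs(sibling)
    for p in (os.path.join(share, "docs", "a.txt"), os.path.join(sibling, "b.txt")):
        with open(p, "w") as f:
            f.write("sample\n")
    os.symlink("docs/a.txt", os.path.join(share, "inside"))       # stays in share
    os.symlink("../share1/b.txt", os.path.join(share, "peer"))    # sibling dir
    os.symlink(base, os.path.join(share, "docs", "up"))           # parent dir
    return share

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        share = build_demo_tree(base)
        for rel in audit_share(share):
            print("escapes share:", rel)
```

The `peer` link is the case a string-prefix comparison misses, because the sibling directory's path begins with the share's path.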
