Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 507
Alerts This Week
Warning Icon 1 507

Debian: DSA-3433-1 Critical: Samba Denial Of Service Vulnerabilities

debian
Calendar Grey January 2, 2016
Scroller Debian
- ------------------------------------------------------------------------- Debian Security Advisory
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix

Summary

CVE-2015-3223

Thilo Uttendorfer of Linux Information Systems AG discovered that a
malicious request can cause the Samba LDAP server to hang, spinning
using CPU. A remote attacker can take advantage of this flaw to
mount a denial of service.

CVE-2015-5252

Jan "Yenya" Kasprzak and the Computer Systems Unit team at Faculty
of Informatics, Masaryk University discovered that insufficient
symlink verification could allow data access outside an exported
share path.

CVE-2015-5296

Stefan Metzmacher of SerNet discovered that Samba does not ensure
that signing is negotiated when creating an encrypted client
connection to a server. This allows a man-in-the-middle attacker to
downgrade the connection and connect using the supplied credentials
as an unsigned, unencrypted connection.

CVE-2015-5299

It was discovered that a missing access control check in the VFS
shadow_copy2 module could allow unauthorized users to access
snapshots.

CVE-2015-5330

Dougl...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: samba
CVE ID: CVE-2015-3223 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.