Thilo Uttendorfer discovered that the Samba LDAP server incorrectly handled certain packets. A remote attacker could use this issue to cause the LDAP server to stop responding, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.04 and Ubuntu 15.10. (CVE-2015-3223)
Jan Kasprzak discovered that Samba incorrectly handled certain symlinks. A remote attacker could use this issue to access files outside the exported share path. (CVE-2015-5252)
Stefan Metzmacher discovered that Samba did not enforce signing when creating encrypted connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2015-5296)
It was discovered that Samba incorrectly performed access control when using the VFS shadow_copy2 module. A remote attacker could use this issue to access snapshots, contrary to intended permissions. (CVE-2015-5299)
Douglas Bagnall discovered that Samba incorrectly handled certain string lengths. A remote attacker could use this issue to possibly access sensitive information. (CVE-2015-5330)
It was discovered that the Samba LDAP server incorrectly handled certain packets. A remote attacker could use this issue to cause the LDAP server to stop responding, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.04 and Ubuntu 15.10. (CVE-2015-7540)
Andrew Bartlett discovered that Samba incorrectly checked administrative privileges during creation of machine accounts. A remote attacker could possibly use this issue to bypass intended access restrictions in certain environments. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.04 and Ubuntu 15.10. (CVE-2015-8467)
{ "binaries": [ { "binary_version": "2:4.1.6+dfsg-1ubuntu2.14.04.11", "binary_name": "libnss-winbind" }, { "binary_version": "2:4.1.6+dfsg-1ubuntu2.14.04.11", "binary_name": "libpam-smbpass" }, { "binary_version": "2:4.1.6+dfsg-1ubuntu2.14.04.11", "binary_name": "libpam-winbind" }, { "binary_version": "2:4.1.6+dfsg-1ubuntu2.14.04.11", "binary_name": "libparse-pidl-perl" }, { "binary_version": "2:4.1.6+dfsg-1ubuntu2.14.04.11", "binary_name": "libsmbclient" }, { "binary_version": "2:4.1.6+dfsg-1ubuntu2.14.04.11", "binary_name": "libsmbclient-dev" }, { "binary_version": "2:4.1.6+dfsg-1ubuntu2.14.04.11", "binary_name": "libsmbsharemodes-dev" }, { "binary_version": "2:4.1.6+dfsg-1ubuntu2.14.04.11", "binary_name": "libsmbsharemodes0" }, { "binary_version": "2:4.1.6+dfsg-1ubuntu2.14.04.11", "binary_name": "libwbclient-dev" }, { "binary_version": "2:4.1.6+dfsg-1ubuntu2.14.04.11", "binary_name": "libwbclient0" }, { "binary_version": "2:4.1.6+dfsg-1ubuntu2.14.04.11", "binary_name": "python-samba" }, { "binary_version": "2:4.1.6+dfsg-1ubuntu2.14.04.11", "binary_name": "registry-tools" }, { "binary_version": "2:4.1.6+dfsg-1ubuntu2.14.04.11", "binary_name": "samba" }, { "binary_version": "2:4.1.6+dfsg-1ubuntu2.14.04.11", "binary_name": "samba-common" }, { "binary_version": "2:4.1.6+dfsg-1ubuntu2.14.04.11", "binary_name": "samba-common-bin" }, { "binary_version": "2:4.1.6+dfsg-1ubuntu2.14.04.11", "binary_name": "samba-dev" }, { "binary_version": "2:4.1.6+dfsg-1ubuntu2.14.04.11", "binary_name": "samba-dsdb-modules" }, { "binary_version": "2:4.1.6+dfsg-1ubuntu2.14.04.11", "binary_name": "samba-libs" }, { "binary_version": "2:4.1.6+dfsg-1ubuntu2.14.04.11", "binary_name": "samba-testsuite" }, { "binary_version": "2:4.1.6+dfsg-1ubuntu2.14.04.11", "binary_name": "samba-vfs-modules" }, { "binary_version": "2:4.1.6+dfsg-1ubuntu2.14.04.11", "binary_name": "smbclient" }, { "binary_version": "2:4.1.6+dfsg-1ubuntu2.14.04.11", "binary_name": "winbind" } ], "availability": "No subscription required" }
{ "ecosystem": "Ubuntu:14.04:LTS", "cves": [ { "id": "CVE-2015-3223", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "type": "Ubuntu", "score": "medium" } ] }, { "id": "CVE-2015-5252", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "type": "Ubuntu", "score": "medium" } ] }, { "id": "CVE-2015-5296", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "type": "Ubuntu", "score": "medium" } ] }, { "id": "CVE-2015-5299", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "type": "Ubuntu", "score": "medium" } ] }, { "id": "CVE-2015-5330", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "type": "Ubuntu", "score": "medium" } ] }, { "id": "CVE-2015-7540", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "type": "Ubuntu", "score": "medium" } ] }, { "id": "CVE-2015-8467", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "medium" } ] } ] }