Bug 958580 - (CVE-2015-7540) VUL-0: CVE-2015-7540: samba: Bogus LDAP request causes samba to use all the memory and be OOM-killed
Status: RESOLVED UPSTREAM
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Normal
Assigned To: Security Team bot
CVSSv2:SUSE:CVE-2015-7540:7.8:(AV:N/A...
Reported: 2015-12-10 06:31 UTC by Marcus Meissner
Modified: 2016-03-01 13:19 UTC
Comment 4 Marcus Meissner 2015-12-10 07:03:25 UTC
4.2 and 4.3 are not affected (was already fixed there)
Comment 7 SMASH SMASH 2015-12-10 10:20:01 UTC
An update workflow for this issue was started.

This issue was rated as "important".
Please submit fixed packages until "Dec. 17, 2015".

When done, reassign the bug to "security-team@suse.de".
/update/121110/.
Comment 8 Swamp Workflow Management 2015-12-10 11:08:57 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-12-24.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62372
Comment 9 SMASH SMASH 2015-12-10 11:09:29 UTC
An update workflow for this issue was started.

This issue was rated as "important".
Please submit fixed packages until "Dec. 17, 2015".

When done, reassign the bug to "security-team@suse.de".
/update/62372/.
Comment 10 Swamp Workflow Management 2015-12-10 23:00:14 UTC
bugbot adjusting priority
Comment 11 Marcus Meissner 2015-12-16 11:50:19 UTC
is public

https://www.samba.org/samba/security/CVE-2015-7540.html

===========================================================
== Subject:     Remote DoS in Samba (AD) LDAP server.
==
== CVE ID#:     CVE-2015-7540
==
== Versions:    Samba 4.0.0 to 4.1.21
==
== Summary:     Malicious request can cause Samba LDAP server
==              to return crash.
==
===========================================================

===========
Description
===========

All versions of Samba from 4.0.0 to 4.1.21 inclusive are vulnerable to
an anonymous memory exhaustion attack in the samba daemon LDAP server.

A malicious client can send packets that cause the LDAP server provided
by the AD DC in the samba daemon process to consume unlimited memory
and be terminated.


==================
Patch Availability
==================

Patches addressing this defect have been posted to

 https://www.samba.org/samba/history/security.html

Additionally, Samba 4.1.22 has been issued as a
security release to correct the defect.
Samba vendors and administrators running affected versions are
advised to upgrade or apply the patch as soon as possible.

==========
Workaround
==========

None.

=======
Credits
=======

This problem was found by the Codenomicon Defensics product
http://www.codenomicon.com, now part of Synopsys. Jeremy Allison of
Google and the Samba Team provided the fix into Samba master in Sep
2014. It was found to address this issue by Ralph Böhme of SerNet and
the Samba Team.
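As an added administrator-side check (not part of the Samba advisory or of this bug report), the following Python turns the advisory's affected range into an exposure assessment: it parses the version triple from `samba -V`/`smbd -V` output and the `server role` line from `testparm -s` output, and reports a host as exposed only when the version is within 4.0.0 to 4.1.21 inclusive and the daemon actually provides the AD DC LDAP server. The sample strings are constructed, not captured from a real host.

```python
import re

# Affected range stated in the Samba advisory: 4.0.0 to 4.1.21 inclusive.
# 4.1.22 is the fixed release; the 4.2 and 4.3 branches were never affected.
AFFECTED_MIN = (4, 0, 0)
AFFECTED_MAX = (4, 1, 21)

_TRIPLE_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")
_ROLE_RE = re.compile(r"^\s*server role\s*=\s*(.+?)\s*$",
                      re.IGNORECASE | re.MULTILINE)


def parse_samba_version(text):
    """Return (major, minor, patch) from `samba -V` / `smbd -V` output such as
    'Version 4.1.17-SerNet-RedHat-7.el6' or a distro string like
    '4.1.22-21.1'. Returns None when no x.y.z triple is present."""
    m = _TRIPLE_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(version_text):
    """True when the version lies inside the advisory's affected range."""
    v = parse_samba_version(version_text)
    if v is None:
        raise ValueError("no version triple in %r" % version_text)
    return AFFECTED_MIN <= v <= AFFECTED_MAX


def is_ad_dc(testparm_text):
    """True when `testparm -s` reports the AD DC role, i.e. the daemon runs
    the LDAP server the advisory is about."""
    m = _ROLE_RE.search(testparm_text)
    return bool(m) and m.group(1).lower() == "active directory domain controller"


def assess(version_text, testparm_text):
    """Combine both checks: a host is exposed only if its Samba version is in
    range AND it serves as an AD DC (a build without the AD DC, as James
    McDonough's comment on this bug notes, does not ship the vulnerable code)."""
    in_range = is_affected(version_text)
    ad_dc = is_ad_dc(testparm_text)
    return {"version_in_range": in_range, "ad_dc": ad_dc,
            "exposed": in_range and ad_dc}


if __name__ == "__main__":
    # Constructed sample outputs, not captured from a real host.
    sample_version = "Version 4.1.17-SerNet-RedHat-7.el6"
    sample_testparm = ("[global]\n\trealm = EXAMPLE.LOCAL\n"
                       "\tserver role = active directory domain controller\n")
    print(assess(sample_version, sample_testparm))
```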
Comment 12 Swamp Workflow Management 2015-12-24 15:11:47 UTC
openSUSE-SU-2015:2356-1: An update that solves 7 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 939050,939051,949022,951660,953382,954658,958580,958581,958582,958583,958584,958585,958586
CVE References: CVE-2015-3223,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330,CVE-2015-7540,CVE-2015-8467
Sources used:
openSUSE 13.2 (src):    ldb-1.1.24-3.4.1, samba-4.1.22-21.1, talloc-2.1.5-2.6.1, tdb-1.3.8-3.1, tevent-0.9.26-3.1
openSUSE 13.1 (src):    ldb-1.1.24-3.7.1, samba-4.1.22-3.46.1, talloc-2.1.5-7.10.1, tdb-1.3.8-4.7.1, tevent-0.9.26-4.7.1
Comment 15 James McDonough 2016-02-25 12:07:06 UTC
As we do not build the Samba AD LDAP server, we do not ship the vulnerable binaries.
Comment 16 Marcus Meissner 2016-03-01 13:19:55 UTC
note posted to CVE page.