CVSS2
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |

CVSS3
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |

EPSS Percentile: 97.2%
Issue Overview:
A denial of service flaw was found in the ldb_wildcard_compare() function of libldb. A remote attacker could send a specially crafted packet that, when processed by an application using libldb (for example the AD LDAP server in Samba), would cause that application to consume an excessive amount of memory and crash.
A memory-read flaw was found in the way the libldb library processed LDB DN records with a null byte. An authenticated, remote attacker could use this flaw to read heap-memory pages from the server.
Affected Packages:
libldb
Issue Correction:
Run yum update libldb to update your system.
New Packages:
i686:
pyldb-1.1.20-1.7.amzn1.i686
pyldb-devel-1.1.20-1.7.amzn1.i686
libldb-devel-1.1.20-1.7.amzn1.i686
libldb-debuginfo-1.1.20-1.7.amzn1.i686
ldb-tools-1.1.20-1.7.amzn1.i686
libldb-1.1.20-1.7.amzn1.i686
src:
libldb-1.1.20-1.7.amzn1.src
x86_64:
pyldb-1.1.20-1.7.amzn1.x86_64
ldb-tools-1.1.20-1.7.amzn1.x86_64
libldb-1.1.20-1.7.amzn1.x86_64
pyldb-devel-1.1.20-1.7.amzn1.x86_64
libldb-debuginfo-1.1.20-1.7.amzn1.x86_64
libldb-devel-1.1.20-1.7.amzn1.x86_64
Red Hat: CVE-2015-3223, CVE-2015-5330
Mitre: CVE-2015-3223, CVE-2015-5330
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | pyldb | < 1.1.20-1.7.amzn1 | pyldb-1.1.20-1.7.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | pyldb-devel | < 1.1.20-1.7.amzn1 | pyldb-devel-1.1.20-1.7.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | libldb-devel | < 1.1.20-1.7.amzn1 | libldb-devel-1.1.20-1.7.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | libldb-debuginfo | < 1.1.20-1.7.amzn1 | libldb-debuginfo-1.1.20-1.7.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | ldb-tools | < 1.1.20-1.7.amzn1 | ldb-tools-1.1.20-1.7.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | libldb | < 1.1.20-1.7.amzn1 | libldb-1.1.20-1.7.amzn1.i686.rpm |
Amazon Linux | 1 | x86_64 | pyldb | < 1.1.20-1.7.amzn1 | pyldb-1.1.20-1.7.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | ldb-tools | < 1.1.20-1.7.amzn1 | ldb-tools-1.1.20-1.7.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | libldb | < 1.1.20-1.7.amzn1 | libldb-1.1.20-1.7.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | pyldb-devel | < 1.1.20-1.7.amzn1 | pyldb-devel-1.1.20-1.7.amzn1.x86_64.rpm |
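
To confirm whether a host still carries a pre-fix build, the installed packages can be compared against the fixed version `1.1.20-1.7.amzn1` listed above. The following is an added example, not part of the advisory: it uses a simplified form of rpm's version ordering, assumes no epoch is set, and runs on constructed sample lines in the shape printed by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`.

```python
import re

# Fixed version-release and package names, taken from the advisory above.
FIXED = "1.1.20-1.7.amzn1"
AFFECTED = {"libldb", "libldb-devel", "libldb-debuginfo",
            "ldb-tools", "pyldb", "pyldb-devel"}

def _segments(s):
    # rpm compares runs of digits and runs of letters; separators are dropped.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpm version comparison (no '~' or '^' handling): -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # 9 < 20, unlike string comparison
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(a, b):
    """Compare 'version-release' strings; epoch is assumed absent."""
    (va, _, ra), (vb, _, rb) = a.partition("-"), b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def needs_update(rpm_lines, fixed=FIXED):
    """Return (name, installed) for affected packages older than `fixed`."""
    out = []
    for line in rpm_lines:
        name, _, installed = line.strip().partition(" ")
        if name in AFFECTED and vr_cmp(installed, fixed) < 0:
            out.append((name, installed))
    return out

# Constructed sample input; these installed versions are illustrative only.
SAMPLE = [
    "libldb 1.1.16-4.amzn1",
    "pyldb 1.1.20-1.7.amzn1",
    "ldb-tools 1.1.20-1.6.amzn1",
    "libldb-devel 1.1.9-2.amzn1",
    "openssl 1.0.1k-10.86.amzn1",
]

if __name__ == "__main__":
    for name, installed in needs_update(SAMPLE):
        print(f"{name} {installed} is older than {FIXED}: run yum update libldb")
```
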