CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS
Percentile: 95.6%

All versions of Samba from 4.0.0 to 4.1.21 inclusive are vulnerable to
an anonymous memory exhaustion attack in the samba daemon LDAP server.
A malicious client can send packets that cause the LDAP server provided
by the AD DC in the samba daemon process to consume unlimited memory
and be terminated.
Patches addressing this defect have been posted to
https://www.samba.org/samba/history/security.html
Additionally, Samba 4.1.22 has been issued as a
security release to correct the defect.
Samba vendors and administrators running affected versions are
advised to upgrade or apply the patch as soon as possible.
None.
This problem was found by the Codenomicon Defensics product
http://www.codenomicon.com, now part of Synopsys. Jeremy Allison of
Google and the Samba Team provided the fix into Samba master in Sep
2014. It was found to address this issue by Ralph Böhme of SerNet and
the Samba Team.
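
As an added example (not part of the Samba advisory), the shell function below classifies a version string, such as the output of `smbd --version`, against the affected range stated above: 4.0.0 to 4.1.21 inclusive, fixed in 4.1.22. The function name and result labels are assumptions of this example, and the sample strings are constructed.

```shell
#!/bin/sh
# Added example: triage a Samba version string against the advisory's range.
# Prints: affected | outside-range | unknown
# Caveats: a distribution build inside the range may already carry the
# backported patch, and the defect is in the AD DC LDAP server, so an
# "affected" result means "check the vendor advisory and the server role".
samba_ldap_dos_status() {
    # Extract major, minor, patch and any trailing suffix from strings
    # such as "Version 4.1.17-Debian" or "4.1.22".
    parsed=$(printf '%s\n' "$1" | sed -n \
        's/^[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\)\(.*\)$/\1 \2 \3 \4/p')
    if [ -z "$parsed" ]; then
        echo unknown            # no x.y.z triple found
        return 0
    fi
    read -r major minor patch suffix <<EOF
$parsed
EOF
    # Pre-release builds are not covered by the stated range.
    case "$suffix" in
        rc*|alpha*|beta*|pre*) echo unknown; return 0 ;;
    esac
    if [ "$major" -eq 4 ] && [ "$minor" -eq 0 ]; then
        echo affected           # every 4.0.x release is in range
    elif [ "$major" -eq 4 ] && [ "$minor" -eq 1 ] && [ "$patch" -le 21 ]; then
        echo affected           # 4.1.0 through 4.1.21
    else
        echo outside-range      # includes the fixed 4.1.22
    fi
}

# Constructed sample inputs; on a real host pass "$(smbd --version)" instead.
for sample in "Version 4.1.17-Debian" "Version 4.1.22" "4.0.0rc1" "3.6.25"; do
    printf '%-24s %s\n' "$sample" "$(samba_ldap_dos_status "$sample")"
done
```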