Description
A denial of service flaw was found in the LDAP server provided by the AD DC
in the Samba process daemon. A remote attacker could exploit this flaw by
sending a specially crafted packet, which could cause the server to consume
an excessive amount of memory and crash. (CVE-2015-7540)
Multiple buffer over-read flaws were found in the way Samba handled
malformed inputs in certain encodings. An authenticated, remote attacker
could possibly use these flaws to disclose portions of the server memory.
(CVE-2015-5330)
A man-in-the-middle vulnerability was found in the way 'connection signing'
was implemented by Samba. A remote attacker could use this flaw to
downgrade an existing Samba client connection and force the use of plain
text. (CVE-2015-5296)
A missing access control flaw was found in Samba. A remote, authenticated
attacker could use this flaw to view the current snapshot on a Samba share,
despite not having DIRECTORY_LIST access rights. (CVE-2015-5299)
An access flaw was found in the way Samba verified symbolic links when
creating new files on a Samba share. A remote attacker could exploit this
flaw to gain access to files outside of Samba's share path. (CVE-2015-5252)