Rule Category

Alert Message

Rule Explanation

This event is generated when a denial of service attempt is detected in the Samba LDAP server.

Impact: Detection of a Denial of Service Attack

Details:

Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

CVE Additional Information

CVE-2015-3223
The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.
Details
Severity:
Base Score: 5.3
Impact Score: 1.4
Exploit Score: 3.9
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW
Access Vector:
Authentication:
Ease of Access: