===========================================================
== Subject:     Remote DoS in Samba (AD) LDAP server.
==
== CVE ID#:     CVE-2015-7540
==
== Versions:    Samba 4.0.0 to 4.1.21
==
== Summary:     Malicious request can cause the Samba LDAP server
==		to crash.
==
===========================================================

===========
Description
===========

All versions of Samba from 4.0.0 to 4.1.21 inclusive are vulnerable to
an anonymous memory exhaustion attack in the samba daemon LDAP server.

A malicious client can send packets that cause the LDAP server provided
by the AD DC in the samba daemon process to consume unlimited memory
and be terminated.


==================
Patch Availability
==================

Patches addressing this defect have been posted to

 https://www.samba.org/samba/history/security.html

Additionally, Samba 4.1.22 has been issued as a
security release to correct the defect.
Samba vendors and administrators running affected versions are
advised to upgrade or apply the patch as soon as possible.

==========
Workaround
==========

None.

=======
Credits
=======

This problem was found by the Codenomicon Defensics product
(http://www.codenomicon.com), now part of Synopsys. Jeremy Allison of
Google and the Samba Team provided the fix in Samba master in Sep
2014. Ralph Böhme of SerNet and the Samba Team found that it addresses
this issue.