===========================================================
== Subject:     Remote DoS against smbd on authenticated
==              connections
==
== CVE ID#:     CVE-2009-2906
==
== Versions:    All known versions of Samba
==
== Summary:     Specially crafted SMB requests on
==              authenticated SMB connections can send smbd
==              into a 100% CPU loop, causing a DoS on the
==              Samba server
===========================================================

===========
Description
===========

Smbd is susceptible to a remote DoS attack by an authenticated
remote client.

The following sequence of events sends smbd into a 100% CPU loop:

Client A opens a file with a batch oplock.

Client B attempts to unlink the file; because of the oplock
break, this unlink is withheld.

Client A, in the oplock break handler, sets the file disposition
to delete on close, closes the file and acks the oplock.

The operation for Client B's unlink request proceeds. Improper
handling of the missing file makes smbd on Client B's connection
spin.

==================
Patch Availability
==================

A patch addressing this issue has been posted to:

  http://www.samba.org/samba/security/

Additionally, Samba 3.0.37, 3.2.15, 3.3.8 and 3.4.2 have been
issued as security releases to correct the defect. Samba
administrators are advised to upgrade to these releases or apply
the patch as soon as possible.

==========
Workaround
==========

None available

=======
Credits
=======

Originally reported by Tim Prouty, Isilon and Samba Team
Patches provided by Jeremy Allison, Samba Team

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================