The Samba-Bugzilla – Attachment 4763 Details for
Bug 6768
Specifically crafted stream of packets can force smbd into an infinite loop; CVE-2009-2906
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Proposal for an advisory
advisory.txt (text/plain), 1.71 KB, created by
Volker Lendecke
on 2009-09-30 05:43:22 UTC
(
hide
)
Description:
Proposal for an advisory
Filename:
MIME Type:
Creator:
Volker Lendecke
Created:
2009-09-30 05:43:22 UTC
Size:
1.71 KB
patch
obsolete
>=========================================================== >== Subject: Remote DoS against smbd on authenticated >== connections >== >== CVE ID#: CVE-2009-2906 >== >== Versions: All known versions of samba >== >== Summary: Specially crafted SMB requests on >== authenticated SMB connections can send smbd >== into a 100% CPU loop, causing a DoS on the >== Samba server >=========================================================== > >=========== >Description >=========== > >Smbd is susceptible to a remote DoS attack by an authenticated remote >client. > >The following sequence of events sends smbd into a 100% CPU loop: > >Client A opens a file with a batch oplock > >Client B attempts to unlink the file, due to the oplock break this >unlink is withheld. > >Client A in the oplock break handler sets the file disposition to >delete on close, closes the file and acks the oplock. > >The operation for Client B's unlink request proceeds. Improper >handling of the missing file makes smbd on client B's connection spin. > >================== >Patch Availability >================== > >A Patch addressing this issue has been posted to: > > http://www.samba.org/samba/security/ > >Additionally, Samba 3.0.37, 3.2.15, 3.3.8 and 3.4.2 have been issued >as security releases to correct the defect. Samba administrators are >advised to upgrade to these releases or apply the patch as soon >as possible. > >========== >Workaround >========== > >None available > >======= >Credits >======= > >Originally reported by Tim Prouty, Isilon and Samba Team > >Patches provided by Jeremy Allison, Samba Team > >========================================================== >== Our Code, Our Bugs, Our Responsibility. >== The Samba Team >========================================================== >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 6768
:
4756
|
4757
|
4758
|
4760
|
4761
|
4762
|
4763
|
4767