===========================================================
== Subject:     Remote DoS against smbd on authenticated
==              connections
==
== CVE ID#:     CVE-2009-2906
==
== Versions:    All known versions of samba
==
== Summary:     Specially crafted SMB requests on
==		authenticated SMB connections can send smbd
==		into a 100% CPU loop, causing a DoS on the
==		Samba server
===========================================================

===========
Description
===========

Smbd is susceptible to a remote DoS attack by an authenticated remote
client.

If the client sends a reply to an oplock break notification
that Samba does not expect it can cause smbd to spin the CPU
repeatedly trying to process the unexpected packet and being
unable to finish the processing. This is unlikely to happen
with normal client activity (although not impossible).

==================
Patch Availability
==================

A Patch addressing this issue has been posted to:

    http://www.samba.org/samba/security/

Additionally, Samba 3.0.37, 3.2.15, 3.3.8 and 3.4.2 have been issued
as security releases to correct the defect.  Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

==========
Workaround
==========

None available

=======
Credits
=======

Originally reported by Tim Prouty, Isilon and Samba Team

Patches provided by Jeremy Allison, Samba Team

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================