SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (File Transfer/Sharing)  >   Samba Vendors:   Samba.org
(Sun Issues Fix) Samba smbd Processing Flaw Lets Remote Authenticated Users Deny Service
SecurityTracker Alert ID:  1023202
SecurityTracker URL:  http://securitytracker.com/id/1023202
CVE Reference:   CVE-2009-2906   (Links to External Site)
Date:  Nov 19 2009
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): versions prior to 3.0.37, 3.2.15, 3.3.8, 3.4.2
Description:   A vulnerability was reported in Samba. A remote authenticated user can cause denial of service conditions.

A remote authenticated user can send a specially crafted reply to an oplock break notification to cause the target smbd service to enter an infinite loop and consume excessive CPU resources.

Tim Prouty, Isilon, and the Samba Team reported this vulnerability.

Impact:   A remote authenticated user can cause the target smbd service to enter an infinite loop and consume excessive CPU resources.
Solution:   Sun has issued a fix.

SPARC Platform

* Solaris 10 with patch 119757-17 or later
* OpenSolaris based upon builds snv_127 or later

x86 Platform

* Solaris 10 with patch 119758-17 or later
* OpenSolaris based upon builds snv_127 or later

Sun is working on a fix for Solaris 9.

The Sun advisory is available at:

http://sunsolve.sun.com/search/document.do?assetkey=1-66-271069-1

Vendor URL:  samba.org/samba/security/CVE-2009-2906.html (Links to External Site)
Cause:   State error
Underlying OS:  UNIX (Solaris - SunOS)
Underlying OS Comments:  9, 10, OpenSolaris

Message History:   This archive entry is a follow-up to the message listed below.
Oct 1 2009 Samba smbd Processing Flaw Lets Remote Authenticated Users Deny Service



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC