(Sun Issues Fix) Samba smbd Processing Flaw Lets Remote Authenticated Users Deny Service
SecurityTracker Alert ID: 1023202
SecurityTracker URL: http://securitytracker.com/id/1023202
CVE Reference:
CVE-2009-2906
Date: Nov 19 2009
Impact:
Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): versions prior to 3.0.37, 3.2.15, 3.3.8, 3.4.2
Description:
A vulnerability was reported in Samba. A remote authenticated user can cause denial of service conditions.
A remote authenticated user can send a specially crafted reply to an oplock break notification to cause the target smbd service to enter an infinite loop and consume excessive CPU resources.
Tim Prouty, Isilon, and the Samba Team reported this vulnerability.
Impact:
A remote authenticated user can cause the target smbd service to enter an infinite loop and consume excessive CPU resources.
Solution:
Sun has issued a fix.
SPARC Platform
* Solaris 10 with patch 119757-17 or later
* OpenSolaris based upon builds snv_127 or later
x86 Platform
* Solaris 10 with patch 119758-17 or later
* OpenSolaris based upon builds snv_127 or later
Sun is working on a fix for Solaris 9.
The Sun advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-271069-1
Vendor URL: samba.org/samba/security/CVE-2009-2906.html
Cause:
State error
Underlying OS: UNIX (Solaris - SunOS)
Underlying OS Comments: 9, 10, OpenSolaris
Message History:
This archive entry is a follow-up to the message listed below.