Bug 1459464 (CVE-2017-9461)

Summary: CVE-2017-9461 samba: fd_open_atomic infinite loop due to wrong handling of dangling symlinks
Product: [Other] Security Response
Component: vulnerability
Reporter: Adam Mariš <amaris>
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: low
Priority: low
Version: unspecified
CC: abokovoy, anoopcs, asn, dominik.mierzejewski, gdeschner, jarrpa, lists, lmohanty, madam, rhs-smb, sardella, sbose, sisharma, ssaha, ssorce, vbellur, yozone
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: samba 4.4.10, samba 4.5.6
Doc Text: A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory.
Last Closed: 2019-06-08 03:14:46 UTC
Bug Depends On: 1461021, 1469906
Bug Blocks: 1415638, 1459466

Description Adam Mariš 2017-06-07 08:52:10 UTC
smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.

Upstream patch:

https://git.samba.org/?p=samba.git;a=commit;h=10c3e3923022485c720f322ca4f0aca5d7501310

Comment 2 Huzaifa S. Sidhpurwala 2017-06-27 08:09:01 UTC
There is an upstream bug at:
https://bugzilla.samba.org/show_bug.cgi?id=12572

Comment 5 errata-xmlrpc 2017-08-01 07:47:30 UTC
This issue has been addressed in the following products:

  Red Hat Gluster Storage 3.2 for RHEL 7

Via RHSA-2017:2338 https://access.redhat.com/errata/RHSA-2017:2338

Comment 6 errata-xmlrpc 2017-08-01 18:22:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:1950 https://access.redhat.com/errata/RHSA-2017:1950

Comment 7 errata-xmlrpc 2017-09-21 04:46:58 UTC
This issue has been addressed in the following products:

  Red Hat Gluster Storage 3.3 for RHEL 6

Via RHSA-2017:2778 https://access.redhat.com/errata/RHSA-2017:2778