Bug 1459464 (CVE-2017-9461)
| Field | Value |
|---|---|
| Summary | CVE-2017-9461 samba: fd_open_atomic infinite loop due to wrong handling of dangling symlinks |
| Product | [Other] Security Response |
| Component | vulnerability |
| Reporter | Adam Mariš <amaris> |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| Severity | low |
| Priority | low |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Keywords | Security |
| CC | abokovoy, anoopcs, asn, dominik.mierzejewski, gdeschner, jarrpa, lists, lmohanty, madam, rhs-smb, sardella, sbose, sisharma, ssaha, ssorce, vbellur, yozone |
| Fixed In Version | samba 4.4.10, samba 4.5.6 |
| Doc Text | A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. |
| Last Closed | 2019-06-08 03:14:46 UTC |
| Bug Depends On | 1461021, 1469906 |
| Bug Blocks | 1415638, 1459466 |

Description
Adam Mariš
2017-06-07 08:52:10 UTC
There is an upstream bug at: https://bugzilla.samba.org/show_bug.cgi?id=12572

This issue has been addressed in the following products:
Red Hat Gluster Storage 3.2 for RHEL 7
Via RHSA-2017:2338 https://access.redhat.com/errata/RHSA-2017:2338

This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2017:1950 https://access.redhat.com/errata/RHSA-2017:1950

This issue has been addressed in the following products:
Red Hat Gluster Storage 3.3 for RHEL 6
Via RHSA-2017:2778 https://access.redhat.com/errata/RHSA-2017:2778