Bug 1459464 (CVE-2017-9461) - CVE-2017-9461 samba: fd_open_atomic infinite loop due to wrong handling of dangling symlinks
Status: CLOSED ERRATA
Alias: CVE-2017-9461
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 1461021 1469906
Blocks: 1415638 1459466
Reported: 2017-06-07 08:52 UTC by Adam Mariš
Modified: 2019-09-29 14:14 UTC

Fixed In Version: samba 4.4.10, samba 4.5.6
Doc Text:
A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory.
Last Closed: 2019-06-08 03:14:46 UTC

Links
System | ID | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2017:1950 | normal | SHIPPED_LIVE | Low: samba security, bug fix, and enhancement update | 2017-08-01 18:09:24 UTC
Red Hat Product Errata | RHSA-2017:2338 | normal | SHIPPED_LIVE | Moderate: samba security update | 2017-08-01 11:46:05 UTC
Red Hat Product Errata | RHSA-2017:2778 | normal | SHIPPED_LIVE | Moderate: samba security, bug fix, and enhancement update | 2017-09-21 08:16:42 UTC

Description Adam Mariš 2017-06-07 08:52:10 UTC
smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.

Upstream patch:

https://git.samba.org/?p=samba.git;a=commit;h=10c3e3923022485c720f322ca4f0aca5d7501310

Comment 2 Huzaifa S. Sidhpurwala 2017-06-27 08:09:01 UTC
There is an upstream bug at:
https://bugzilla.samba.org/show_bug.cgi?id=12572

Comment 5 errata-xmlrpc 2017-08-01 07:47:30 UTC
This issue has been addressed in the following products:

  Red Hat Gluster Storage 3.2 for RHEL 7

Via RHSA-2017:2338 https://access.redhat.com/errata/RHSA-2017:2338

Comment 6 errata-xmlrpc 2017-08-01 18:22:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:1950 https://access.redhat.com/errata/RHSA-2017:1950

Comment 7 errata-xmlrpc 2017-09-21 04:46:58 UTC
This issue has been addressed in the following products:

  Red Hat Gluster Storage 3.3 for RHEL 6

Via RHSA-2017:2778 https://access.redhat.com/errata/RHSA-2017:2778
