Bug 499765 - (CVE-2008-6800) CVE-2008-6800 samba: race condition in winbindd may lead to DoS
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
http://web.nvd.nist.gov/view/vuln/det...
impact=moderate,source=cve,reported=2...
: Security
Reported: 2009-05-07 23:36 EDT by Vincent Danen
Modified: 2009-05-12 17:44 EDT
Doc Type: Bug Fix
Last Closed: 2009-05-12 17:44:37 EDT
Description Vincent Danen 2009-05-07 23:36:37 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-6800 to
the following vulnerability:

Name: CVE-2008-6800
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6800
Assigned: 20090507
Reference: BUGTRAQ:20081030 rPSA-2008-0308-1 samba samba-client samba-server samba-swat
Reference: URL: http://www.securityfocus.com/archive/1/archive/1/497941/100/0/threaded
Reference: MISC: https://issues.rpath.com/browse/RPL-2766
Reference: CONFIRM: http://wiki.rpath.com/Advisories:rPSA-2008-0308
Reference: CONFIRM: http://www.samba.org/samba/history/samba-3.0.32.html

Race condition in the winbind daemon (aka winbindd) in Samba before
3.0.32 allows attackers to cause a denial of service (crash) via
unspecified vectors related to an "unresponsive" child process.
Comment 2 Vincent Danen 2009-05-08 10:36:55 EDT
Upstream commit to fix this issue is here:

http://gitweb.samba.org/?p=samba.git;a=commitdiff;h=c93d42969451949566327e7fdbf29bfcee2c8319
Comment 4 Simo Sorce 2009-05-08 10:47:08 EDT
Sorry, I have to ask, what is the point of this bugzilla?
Comment 7 Vincent Danen 2009-05-12 17:44:37 EDT
The Red Hat Security Team does not view this as a vulnerability.

The winbindd child processes run as root, and in order to exploit this race condition, not only does a local user require sufficiently elevated privileges (such as root), but must also be able to time the kill of the child process accurately, which we do not believe would be at all easy. If the user did have root privileges, it would be much easier to kill the winbindd parent process, or even take down the entire system, to accomplish a denial of service attack, than to attempt to exploit this race condition.
