Red Hat Bugzilla – Bug 499765
CVE-2008-6800 samba: race condition in winbindd may lead to DoS
Last modified: 2009-05-12 17:44:37 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-6800 to
the following vulnerability:
Reference: BUGTRAQ:20081030 rPSA-2008-0308-1 samba samba-client samba-server samba-swat
Reference: URL: http://www.securityfocus.com/archive/1/archive/1/497941/100/0/threaded
Reference: MISC: https://issues.rpath.com/browse/RPL-2766
Reference: CONFIRM: http://wiki.rpath.com/Advisories:rPSA-2008-0308
Reference: CONFIRM: http://www.samba.org/samba/history/samba-3.0.32.html
Race condition in the winbind daemon (aka winbindd) in Samba before
3.0.32 allows attackers to cause a denial of service (crash) via
unspecified vectors related to an "unresponsive" child process.
Upstream commit to fix this issue is here:
Sorry, I have to ask, what is the point of this bugzilla ?
The Red Hat Security Team does not view this as a vulnerability.
The winbindd children process run as root, and in order to exploit this race condition, not only does a local user require sufficiently elevated privileges (such as root), but must also be able to time the kill of the child process accurately, which we do not believe would be at all easy. If the user did have root privileges, it would be much easier to kill the winbindd parent process, or even take down the entire system, to accomplish a denial of service attack, than to attempt to exploit this race condition.