Bug 526645 - (CVE-2009-2906) CVE-2009-2906 samba: infinite loop flaw in smbd on unexpected oplock break notification reply
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
impact=moderate,source=vendorsec,repo...
: Security
Depends On: 526657 526658 526659 526660 526661 526663
Reported: 2009-10-01 05:32 EDT by Tomas Hoger
Modified: 2016-03-04 06:54 EST

Doc Type: Bug Fix
Last Closed: 2009-11-19 10:00:38 EST
Attachments
Upstream patch - 3.0.x (3.42 KB, patch), 2009-10-01 05:35 EDT, Tomas Hoger
Upstream patch - 3.2.x (4.02 KB, patch), 2009-10-01 05:35 EDT, Tomas Hoger
Upstream patch - 3.3.x (4.02 KB, patch), 2009-10-01 05:36 EDT, Tomas Hoger
Upstream patch - 3.4.x (4.08 KB, patch), 2009-10-01 05:37 EDT, Tomas Hoger

Description Tomas Hoger 2009-10-01 05:32:01 EDT
Quoting upcoming Samba security advisory:

  Subject: Remote DoS against smbd on authenticated connections
  Versions: All known versions of samba
  Summary: Specially crafted SMB requests on authenticated SMB
    connections can send smbd into a 100% CPU loop, causing a DoS
    on the Samba server

  Description:
  Smbd is susceptible to a remote DoS attack by an authenticated
  remote client.

  If the client sends a reply to an oplock break notification
  that Samba does not expect it can cause smbd to spin the CPU
  repeatedly trying to process the unexpected packet and being
  unable to finish the processing. This is unlikely to happen
  with normal client activity (although not impossible).
Comment 1 Tomas Hoger 2009-10-01 05:35:04 EDT
Created attachment 363297
Upstream patch - 3.0.x
Comment 2 Tomas Hoger 2009-10-01 05:35:31 EDT
Created attachment 363298
Upstream patch - 3.2.x
Comment 3 Tomas Hoger 2009-10-01 05:36:07 EDT
Created attachment 363299
Upstream patch - 3.3.x
Comment 4 Tomas Hoger 2009-10-01 05:37:02 EDT
Created attachment 363300
Upstream patch - 3.4.x
Comment 7 Tomas Hoger 2009-10-01 06:12:56 EDT
Upstream advisory:
  http://www.samba.org/samba/security/CVE-2009-2906.html

Fixed upstream in: 3.0.37, 3.2.15, 3.3.8 and 3.4.2
Comment 12 Fedora Update System 2009-10-03 14:57:39 EDT
samba-3.2.15-0.36.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2009-10-03 14:59:29 EDT
samba-3.4.2-0.42.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 14 errata-xmlrpc 2009-10-27 12:46:52 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 3

Via RHSA-2009:1528 https://rhn.redhat.com/errata/RHSA-2009-1528.html
Comment 15 errata-xmlrpc 2009-10-27 13:11:56 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2009:1529 https://rhn.redhat.com/errata/RHSA-2009-1529.html
Comment 16 errata-xmlrpc 2009-11-16 10:39:56 EST
This issue has been addressed in the following products:

  Extras for Red Hat Enterprise Linux 5

Via RHSA-2009:1585 https://rhn.redhat.com/errata/RHSA-2009-1585.html
