Bug 526645 (CVE-2009-2906) - CVE-2009-2906 samba: infinite loop flaw in smbd on unexpected oplock break notification reply
Summary: CVE-2009-2906 samba: infinite loop flaw in smbd on unexpected oplock break no...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2009-2906
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 526657 526658 526659 526660 526661 526663
Blocks:
Reported: 2009-10-01 09:32 UTC by Tomas Hoger
Modified: 2019-09-29 12:32 UTC
CC: 5 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-11-19 15:00:38 UTC
Embargoed:


Attachments
  Upstream patch - 3.0.x (3.42 KB, patch), 2009-10-01 09:35 UTC, Tomas Hoger
  Upstream patch - 3.2.x (4.02 KB, patch), 2009-10-01 09:35 UTC, Tomas Hoger
  Upstream patch - 3.3.x (4.02 KB, patch), 2009-10-01 09:36 UTC, Tomas Hoger
  Upstream patch - 3.4.x (4.08 KB, patch), 2009-10-01 09:37 UTC, Tomas Hoger


Links
  Red Hat Product Errata RHSA-2009:1528 (priority normal, status SHIPPED_LIVE): Moderate: samba security and bug fix update, last updated 2009-10-27 16:46:49 UTC
  Red Hat Product Errata RHSA-2009:1529 (priority normal, status SHIPPED_LIVE): Moderate: samba security update, last updated 2009-10-27 17:11:52 UTC
  Red Hat Product Errata RHSA-2009:1585 (priority normal, status SHIPPED_LIVE): Moderate: samba3x security and bug fix update, last updated 2009-11-16 15:39:53 UTC

Description Tomas Hoger 2009-10-01 09:32:01 UTC
Quoting upcoming Samba security advisory:

  Subject: Remote DoS against smbd on authenticated connections
  Versions: All known versions of samba
  Summary: Specially crafted SMB requests on authenticated SMB
    connections can send smbd into a 100% CPU loop, causing a DoS
    on the Samba server

  Description:
  Smbd is susceptible to a remote DoS attack by an authenticated
  remote client.

  If the client sends a reply to an oplock break notification
  that Samba does not expect it can cause smbd to spin the CPU
  repeatedly trying to process the unexpected packet and being
  unable to finish the processing. This is unlikely to happen
  with normal client activity (although not impossible).

Comment 1 Tomas Hoger 2009-10-01 09:35:04 UTC
Created attachment 363297 [details]
Upstream patch - 3.0.x

Comment 2 Tomas Hoger 2009-10-01 09:35:31 UTC
Created attachment 363298 [details]
Upstream patch - 3.2.x

Comment 3 Tomas Hoger 2009-10-01 09:36:07 UTC
Created attachment 363299 [details]
Upstream patch - 3.3.x

Comment 4 Tomas Hoger 2009-10-01 09:37:02 UTC
Created attachment 363300 [details]
Upstream patch - 3.4.x

Comment 7 Tomas Hoger 2009-10-01 10:12:56 UTC
Upstream advisory:
  http://www.samba.org/samba/security/CVE-2009-2906.html

Fixed upstream in: 3.0.37, 3.2.15, 3.3.8 and 3.4.2
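
A small audit helper for the fixed-version list above, added here as an example; it is not part of the bug report or of Samba's own code. It takes the four fixed releases from comment 7 as the only facts, and everything else (the function names, the constructed inventory, the treatment of unlisted branches) is an assumption of this example:

```python
"""Classify Samba version strings against the CVE-2009-2906 fixed releases.

Added example, not code from the bug report or from Samba. The fixed
versions (3.0.37, 3.2.15, 3.3.8, 3.4.2) come from the bug report; the
helper names and the sample inventory are assumptions of this example.
"""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# First release of each affected branch that carries the upstream fix
# (comment 7 of the bug report). Branches not listed here are reported
# as "unknown" rather than guessed.
FIXED_VERSIONS: Dict[Tuple[int, int], Version] = {
    (3, 0): (3, 0, 37),
    (3, 2): (3, 2, 15),
    (3, 3): (3, 3, 8),
    (3, 4): (3, 4, 2),
}

# First major.minor.patch triple anywhere in the string; this copes with
# "Version 3.4.2" (smbd -V style) and "3.2.15-0.36.fc10" (package style).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Version]:
    """Return (major, minor, patch) or None when no version is recognisable.

    Trailing release tags such as "-0.36.fc10" are ignored on purpose: they
    describe the package build, not the upstream code level.
    """
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())  # type: ignore[return-value]


def assess(text: str) -> str:
    """Return "fixed", "vulnerable" or "unknown" for one version string.

    "unknown" covers unparsable input and branches the bug report does not
    list. Distribution packages that backport the fix (as the RHSA errata in
    this bug do) keep their older upstream version, so for those the errata
    package release, not this check, is the authority.
    """
    version = parse_version(text)
    if version is None:
        return "unknown"
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        return "unknown"
    return "fixed" if version >= fixed else "vulnerable"


def audit(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> verdict for a {host: version string} inventory."""
    return {host: assess(version) for host, version in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "files01": "Version 3.0.33",
    "files02": "3.2.15-0.36.fc10",
    "files03": "Version 3.3.7",
    "files04": "3.4.2-0.42.fc11",
    "files05": "Version 3.5.0",
}

if __name__ == "__main__":
    for host, verdict in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {verdict}")
```

Feed it the output of `smbd -V` or the package version from your inventory system; hosts on a listed branch below the fixed release come back as "vulnerable", and anything on a branch the bug report does not mention comes back as "unknown" so it is reviewed by hand rather than silently passed.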

Comment 12 Fedora Update System 2009-10-03 18:57:39 UTC
samba-3.2.15-0.36.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.

Comment 13 Fedora Update System 2009-10-03 18:59:29 UTC
samba-3.4.2-0.42.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.

Comment 14 errata-xmlrpc 2009-10-27 16:46:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 3

Via RHSA-2009:1528 https://rhn.redhat.com/errata/RHSA-2009-1528.html

Comment 15 errata-xmlrpc 2009-10-27 17:11:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2009:1529 https://rhn.redhat.com/errata/RHSA-2009-1529.html

Comment 16 errata-xmlrpc 2009-11-16 15:39:56 UTC
This issue has been addressed in the following products:

  Extras for Red Hat Enterprise Linux 5

Via RHSA-2009:1585 https://rhn.redhat.com/errata/RHSA-2009-1585.html
