CVE-2007-0452Infinite Loop in Samba

10 documents7 sources
Severity
6.8MEDIUMNVD
EPSS
2.3%
top 15.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SambaDebian Samba
Timeline
PublishedFeb 6
Latest updateMay 3

Description

smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 8.0 | Impact: 6.9

Affected Packages3 packages

debiandebian/samba< samba 3.0.23d-5 (bookworm)
Debiansamba/samba< 3.0.23d-5+3
NVDsamba/samba22 versions+21

🔴Vulnerability Details

2
GHSA
GHSA-2wrx-698g-6hcq: smbd in Samba 32022-05-03
OSV
CVE-2007-0452: smbd in Samba 32007-02-06

📋Vendor Advisories

3
Ubuntu
Samba vulnerabilities2007-02-06
Red Hat
security flaw2007-02-05
Debian
CVE-2007-0452: samba - smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a...2007

💬Community

4
Bugzilla
CVE-2007-0452 security flaw2018-08-16
Bugzilla
CVE-2007-0452 Samba smbd denial of service2007-02-08
Bugzilla
CVE-2007-0452 Samba smbd denial of service2007-01-31
Bugzilla
CVE-2007-0452 Samba smbd denial of service2007-01-31