CVE-2009-2906 — Infinite Loop in Samba

CWE-835 — Infinite Loop7 documents7 sources

Severity

4.0MEDIUMNVD

EPSS

0.4%

top 39.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba Canonical Ubuntu Linux

Timeline

PublishedOct 7

Latest updateMay 2

Description

smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages3 packages

▶NVDsamba/samba3.2.0 — 3.2.15+4

▶debiandebian/samba< samba 2:3.4.2-1 (bookworm)

▶Debiansamba/samba< 2:3.4.2-1+3

Also affects: Ubuntu Linux 6.06, 8.04, 8.10, 9.04

Patches

Patch: slackware.com ↗Patch: www.securityfocus.com ↗Patch: www.ubuntu.com ↗

🔴Vulnerability Details

GHSA

GHSA-rqxx-j33q-88vv: smbd in Samba 3↗2022-05-02

▶

OSV

CVE-2009-2906: smbd in Samba 3↗2009-10-07

▶

📋Vendor Advisories

Red Hat

samba: infinite loop flaw in smbd on unexpected oplock break notification reply↗2009-10-01

▶

Ubuntu

Samba vulnerabilities↗2009-10-01

▶

Debian

CVE-2009-2906: samba - smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 be...↗2009

▶

💬Community

Bugzilla

CVE-2009-2906 samba: infinite loop flaw in smbd on unexpected oplock break notification reply↗2009-10-01

▶