CVE-2017-9461 — Infinite Loop in Samba

CWE-835 — Infinite Loop9 documents8 sources

Severity

6.5MEDIUMNVD

EPSS

3.4%

top 12.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Linux Redhat Enterprise Linux Desktop +5 more

Timeline

PublishedJun 6

Latest updateMay 13

Description

smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶Debiansamba/samba< 2:4.5.6+dfsg-1+3

▶Ubuntusamba/samba< 2:4.3.11+dfsg-0ubuntu0.14.04.9+1

▶NVDsamba/samba4.4.9+6

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

Also affects: Debian Linux 8.0, Enterprise Linux 7.4, 7.6, 7.5

Patches

Patch: bugs.debian.org ↗Patch: bugzilla.samba.org ↗Patch: bugs.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-p3px-2xx5-xmgx: smbd in Samba before 4↗2022-05-13

▶

OSV

samba vulnerability↗2017-07-05

▶

CVEList

CVE-2017-9461: smbd in Samba before 4↗2017-06-06

▶

OSV

CVE-2017-9461: smbd in Samba before 4↗2017-06-06

▶

📋Vendor Advisories

Ubuntu

Samba vulnerability↗2017-07-05

▶

Red Hat

samba: fd_open_atomic infinite loop due to wrong handling of dangling symlinks↗2017-02-16

▶

Debian

CVE-2017-9461: samba - smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulne...↗2017

▶

💬Community

Bugzilla

CVE-2017-9461 samba: fd_open_atomic infinite loop due to wrong handling of dangling symlinks↗2017-06-07

▶