CVE-2017-9461: smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory…

medium6.5CVSS 3.0

AVNACLPRLUINSUCNINAH

smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.

Affected

24 ranges

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	samba	< samba 2:4.5.6+dfsg-1 (bookworm)	samba 2:4.5.6+dfsg-1 (bookworm)
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_workstation	—	—
samba	samba	<= 4.4.9	—
samba	samba	—	—
samba	samba	—	—
samba	samba	—	—
samba	samba	—	—
samba	samba	—	—
samba	samba	—	—
samba	samba	>= 0 < 2:4.5.6+dfsg-1	2:4.5.6+dfsg-1
samba	samba	>= 0 < 2:4.5.6+dfsg-1	2:4.5.6+dfsg-1
samba	samba	>= 0 < 2:4.5.6+dfsg-1	2:4.5.6+dfsg-1
samba	samba	>= 0 < 2:4.5.6+dfsg-1	2:4.5.6+dfsg-1
samba	samba	>= 0 < 2:4.3.11+dfsg-0ubuntu0.14.04.9	2:4.3.11+dfsg-0ubuntu0.14.04.9
samba	samba	>= 0 < 2:4.3.11+dfsg-0ubuntu0.16.04.8	2:4.3.11+dfsg-0ubuntu0.16.04.8

CVSS provenance

nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

osv6.5MEDIUM