(HP Issues Fix) Samba smbd Deferred File Open Processing Bug Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1017879 |
|
SecurityTracker URL: http://securitytracker.com/id/1017879
|
|
CVE Reference:
CVE-2007-0452
(Links to External Site)
|
Date: Apr 5 2007
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 3.0.6 - 3.0.23d
|
Description:
A vulnerability was reported in Samba. A remote authenticated user can cause denial of service conditions.
A remote authenticated user can attempt to rename a file under certain circumstances to cause the target smbd process to enter an infinite loop. The user can open multiple CIFS sessions to cause excessive CPU and memory consuption on the target system.
The vendor discovered this vulnerability.
|
Impact:
A remote authenticated user can cause excessive CPU and memory resources to be consumed on the target system.
|
Solution:
HP has issued the following patches.
HP-UX B.11.11: Install revision A.02.03.01 or subsequent
HP-UX B.11.23: Install revision A.02.03.01 or subsequent
HP-UX B.11.31: Install revision A.02.03.01 or subsequent
The HP advisory is available at:
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00943462
|
Vendor URL: us1.samba.org/samba/security/CVE-2007-0452.html (Links to External Site)
|
Cause:
State error
|
Underlying OS:
UNIX (HP/UX)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Thu, 5 Apr 2007 11:40:21 -0400
Subject: HPSBUX02204 SSRT071341 rev.1 - HP-UX Running CIFS Server (Samba), Remote Denial of Service (DoS)
|
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00943462
CVE-2007-0452
|
|
