14050: Samba Denial of Service Vulnerability

Samba Denial of Service Vulnerability

General Info

	TC:	14050
	Description:	A vulnerability has been reported in Samba, which can be exploited by malicious users to cause a DoS (Denial of Service). Under certain conditions, smbd fails to remove requests from the deferred file open queue. This can be exploited to cause a DoS due to heavy resource usage by triggering an infinite loop when renaming a file under special circumstances. The security issue has been fixed in version 3.0.24.
	TC Impact:	Gather Info
	Service:	NetBios Session

Specific Operations and Actions:

	Vulnerability Publication:	February 6, 2007
	Advisory Copyright:	Vendor
	Summary:	A vulnerability has been reported in Samba, which can be exploited by malicious users to cause a DoS (Denial of Service).
	Risk:	Medium
	CVSS 2.0 metrics:	Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
	CVSS 2.0 Base Score:	6.8

	Vulnerability Impact:	Denial of Service Attack

	Host Impact:	Denial of Service.
	Nature of Remediation:	Update the software.

	Step required to fix the reported vulnerability:
	*** Solution type: Upgrade Software *** Upgrade to Samba version 3.0.24 or newer. See references for more details.

Glossary and References :

	References:
	* BUGTRAQ: 20070205 [SAMBA-SECURITY] CVE-2007-0452: Potential DoS against smbd in Samba 3.0.6 - 3.0.23d http://www.securityfocus.com/archive/1/archive/1/459167/100/0/threaded * BUGTRAQ: 20070207 rPSA-2007-0026-1 samba samba-swat http://www.securityfocus.com/archive/1/archive/1/459365/100/0/threaded * CONFIRM: http://us1.samba.org/samba/security/CVE-2007-0452.html * CONFIRM: https://issues.rpath.com/browse/RPL-1005 * DEBIAN: DSA-1257 http://www.debian.org/security/2007/dsa-1257 * FEDORA: FEDORA-2007-219 http://fedoranews.org/cms/node/2579 * FEDORA: FEDORA-2007-220 http://fedoranews.org/cms/node/2580 * GENTOO: GLSA-200702-01 http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml * HP: HPSBUX02204 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00943462 * MANDRIVA: MDKSA-2007:034 http://www.mandriva.com/security/advisories?name=MDKSA-2007:034 * REDHAT: RHSA-2007:0060 http://www.redhat.com/support/errata/RHSA-2007-0060.html * REDHAT: RHSA-2007:0061 http://www.redhat.com/support/errata/RHSA-2007-0061.html * SGI: 20070201-01-P ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc * SLACKWARE: SSA:2007-038-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916 * SUSE: SUSE-SA:2007:016 http://lists.suse.com/archive/suse-security-announce/2007-Feb/0002.html * TRUSTIX: 2007-0007 http://www.trustix.org/errata/2007/0007 * UBUNTU: USN-419-1 http://www.ubuntu.com/usn/usn-419-1 * BID: 22395 http://www.securityfocus.com/bid/22395 * FRSIRT: ADV-2007-0483 http://www.frsirt.com/english/advisories/2007/0483 * FRSIRT: ADV-2007-1278 http://www.frsirt.com/english/advisories/2007/1278 * SECTRACK: 1017587 http://securitytracker.com/id?1017587 * SECUNIA: 24021 http://secunia.com/advisories/24021 * SECUNIA: 24060 http://secunia.com/advisories/24060 * SECUNIA: 24030 http://secunia.com/advisories/24030 * SECUNIA: 24067 http://secunia.com/advisories/24067 * SECUNIA: 24101 http://secunia.com/advisories/24101 * SECUNIA: 24046 http://secunia.com/advisories/24046 * SECUNIA: 24151 http://secunia.com/advisories/24151 * SECUNIA: 24145 http://secunia.com/advisories/24145 * SECUNIA: 24076 http://secunia.com/advisories/24076 * SECUNIA: 24140 http://secunia.com/advisories/24140 * SECUNIA: 24188 http://secunia.com/advisories/24188 * SECUNIA: 24792 http://secunia.com/advisories/24792 * SECUNIA: 24284 http://secunia.com/advisories/24284 * SREASON: 2219 http://securityreason.com/securityalert/2219 * XF: samba-smbd-filerename-dos(32301) http://xforce.iss.net/xforce/xfdb/32301

	CVE Link:	CVE-2007-0452

	Glossary:	Denial of Service DoS Samba SMB

© 2003-2010 NexantiS Corporation (www.securescout.com)
SecureScout is a trademark of NexantiS
All Rights Reserved
All products names referenced herein are trademarks of their respective companies

SecureScout products are certified:
CVE Compatible
SANS TOP 20 Compatible
CVSS Compatible (Common Vulnerability Scoring System)