| Description: | Summary:
Samba is prone to multiple vulnerabilities.
Vulnerability Insight:
- CVE-2007-0452:
Internally Samba's file server daemon, smbd, implements
support for deferred file open calls in an attempt to serve
client requests that would otherwise fail due to a share mode
violation. When renaming a file under certain circumstances
it is possible that the request is never removed from the deferred
open queue. smbd will then become stuck is a loop trying to
service the open request.
This bug may allow an authenticated user to exhaust resources
such as memory and CPU on the server by opening multiple CIFS
sessions, each of which will normally spawn a new smbd process,
and sending each connection into an infinite loop.
- CVE-2007-0454:
NOTE: This security advisory only impacts Samba servers
that share AFS file systems to CIFS clients and which have
been explicitly instructed in smb.conf to load the afsacl.so
VFS module.
The source defect results in the name of a file stored on
disk being used as the format string in a call to snprintf().
This bug becomes exploitable only when a user is able
to write to a share which utilizes Samba's afsacl.so library
for setting Windows NT access control lists on files residing
on an AFS file system.
Affected Software/OS:
Samba versions 3.0.6 through 3.0.23d.
Solution:
Update to version 3.0.24 or later.
CVSS Score:
7.5
CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
