FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-0452

This CVE name corresponds to:

Entered Topic
2007-03-16 samba -- potential Denial of Service bug in smbd

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2007-0452
Phase Assigned (20070123)

Description

smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop.

References

Source Reference
BUGTRAQ 20070205 [SAMBA-SECURITY] CVE-2007-0452: Potential DoS against smbd in Samba 3.0.6 - 3.0.23d
BUGTRAQ 20070207 rPSA-2007-0026-1 samba samba-swat
CONFIRM http://us1.samba.org/samba/security/CVE-2007-0452.html
CONFIRM https://issues.rpath.com/browse/RPL-1005
DEBIAN DSA-1257
FEDORA FEDORA-2007-219
FEDORA FEDORA-2007-220
GENTOO GLSA-200702-01
HP HPSBUX02204
HP SSRT071341
MANDRIVA MDKSA-2007:034
REDHAT RHSA-2007:0060
REDHAT RHSA-2007:0061
SGI 20070201-01-P
SLACKWARE SSA:2007-038-01
SUNALERT 200588
SUSE SUSE-SA:2007:016
TRUSTIX 2007-0007
UBUNTU USN-419-1
BID 22395
OVAL oval:org.mitre.oval:def:9758
VUPEN ADV-2007-0483
VUPEN ADV-2007-1278
OSVDB 33100
SECTRACK 1017587
SECUNIA 24021
SECUNIA 24060
SECUNIA 24030
SECUNIA 24067
SECUNIA 24101
SECUNIA 24046
SECUNIA 24151
SECUNIA 24145
SECUNIA 24076
SECUNIA 24140
SECUNIA 24188
SECUNIA 24792
SECUNIA 24284
SREASON 2219
XF samba-smbd-filerename-dos(32301)