ID CVE-2006-3403
Summary The smbd daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests.
Vulnerable Configurations
  • Samba 3.0.1
    cpe:2.3:a:samba:samba:3.0.1
  • Samba 3.0.2
    cpe:2.3:a:samba:samba:3.0.2
  • Samba 3.0.3
    cpe:2.3:a:samba:samba:3.0.3
  • Samba 3.0.4
    cpe:2.3:a:samba:samba:3.0.4
  • Samba 3.0.5
    cpe:2.3:a:samba:samba:3.0.5
  • Samba 3.0.6
    cpe:2.3:a:samba:samba:3.0.6
  • Samba 3.0.7
    cpe:2.3:a:samba:samba:3.0.7
  • Samba 3.0.8
    cpe:2.3:a:samba:samba:3.0.8
  • Samba 3.0.9
    cpe:2.3:a:samba:samba:3.0.9
  • Samba 3.0.10
    cpe:2.3:a:samba:samba:3.0.10
  • Samba 3.0.11
    cpe:2.3:a:samba:samba:3.0.11
  • Samba 3.0.12
    cpe:2.3:a:samba:samba:3.0.12
  • Samba 3.0.13
    cpe:2.3:a:samba:samba:3.0.13
  • Samba 3.0.14
    cpe:2.3:a:samba:samba:3.0.14
  • Samba 3.0.14a
    cpe:2.3:a:samba:samba:3.0.14a
  • Samba 3.0.15
    cpe:2.3:a:samba:samba:3.0.15
  • Samba 3.0.16
    cpe:2.3:a:samba:samba:3.0.16
  • Samba 3.0.17
    cpe:2.3:a:samba:samba:3.0.17
  • Samba 3.0.18
    cpe:2.3:a:samba:samba:3.0.18
  • Samba 3.0.19
    cpe:2.3:a:samba:samba:3.0.19
  • Samba 3.0.20a
    cpe:2.3:a:samba:samba:3.0.20a
  • Samba 3.0.20b
    cpe:2.3:a:samba:samba:3.0.20b
  • Samba 3.0.21
    cpe:2.3:a:samba:samba:3.0.21
  • Samba 3.0.21a
    cpe:2.3:a:samba:samba:3.0.21a
  • Samba 3.0.21b
    cpe:2.3:a:samba:samba:3.0.21b
  • Samba 3.0.21c
    cpe:2.3:a:samba:samba:3.0.21c
  • Samba 3.0.22
    cpe:2.3:a:samba:samba:3.0.22
CVSS
Base: 5.0 (as of 12-07-2006 - 17:47)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-314-1.NASL
    description The Samba security team reported a Denial of Service vulnerability in the handling of information about active connections. In certain circumstances an attacker could continually increase the memory usage of the smbd process by issuing a large number of share connection requests. By draining all available memory, this could be exploited to render the remote Samba server unusable. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 27890
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27890
    title Ubuntu 5.04 / 5.10 / 6.06 LTS : samba vulnerability (USN-314-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-120.NASL
    description A vulnerability in samba 3.0.x was discovered where an attacker could cause a single smbd process to bloat, exhausting memory on the system. This bug is caused by continually increasing the size of an array which maintains state information about the number of active share connections. Updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 22020
    published 2006-07-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22020
    title Mandrake Linux Security Advisory : samba (MDKSA-2006:120)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_B168DDEA105A11DBAC96000C6EC775D9.NASL
    description The Samba Team reports: The smbd daemon maintains internal data structures used to track active connections to file and printer shares. In certain circumstances an attacker may be able to continually increase the memory usage of an smbd process by issuing a large number of share connection requests. This defect affects all Samba configurations.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 22018
    published 2006-07-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22018
    title FreeBSD : samba -- memory exhaustion DoS in smbd (b168ddea-105a-11db-ac96-000c6ec775d9)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2006-195-01.NASL
    description New Samba packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix a security related (but in my own and also the Samba's team member who made their WHATSNEW.txt entry, 'minor') denial of service issue.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 22050
    published 2006-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22050
    title Slackware 10.0 / 10.1 / 10.2 / current : Samba DoS (SSA:2006-195-01)
  • NASL family Misc.
    NASL id SAMBA_ACL_SECURITY_BYPASS.NASL
    description According to its version number, the version of Samba running on the remote host has a security bypass vulnerability. Access restrictions can be bypassed due to a read of uninitialized data in smbd. This could allow a user to modify an access control list (ACL), even when they should be denied permission. Note the 'dos filemode' parameter must be set to 'yes' in smb.conf in order for an attack to be successful (the default setting is 'no'). Also note versions 3.2.0 - 3.2.12 of smbclient are affected by a format string vulnerability, though Nessus has not checked for this.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 39502
    published 2009-06-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39502
    title Samba < 3.0.35 / 3.2.13 / 3.3.6 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0591.NASL
    description Updated samba packages that fix a denial of service vulnerability are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Samba provides file and printer sharing services to SMB/CIFS clients. A denial of service bug was found in the way the smbd daemon tracks active connections to shares. It was possible for a remote attacker to cause the smbd daemon to consume a large amount of system memory by sending carefully crafted smb requests. (CVE-2006-3403) Users of Samba are advised to upgrade to these packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 22112
    published 2006-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22112
    title RHEL 2.1 / 3 / 4 : samba (RHSA-2006:0591)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1110.NASL
    description Gerald Carter discovered that the smbd daemon from Samba, a free implementation of the SMB/CIFS protocol, imposes insufficient limits in the code to handle shared connections, which can be exploited to exhaust system memory by sending maliciously crafted requests, leading to denial of service.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 22652
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22652
    title Debian DSA-1110-1 : samba - missing input sanitising
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0591.NASL
    description Updated samba packages that fix a denial of service vulnerability are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Samba provides file and printer sharing services to SMB/CIFS clients. A denial of service bug was found in the way the smbd daemon tracks active connections to shares. It was possible for a remote attacker to cause the smbd daemon to consume a large amount of system memory by sending carefully crafted smb requests. (CVE-2006-3403) Users of Samba are advised to upgrade to these packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 22104
    published 2006-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22104
    title CentOS 3 / 4 : samba (CESA-2006:0591)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SAMBA-1961.NASL
    description
      - Fix pam config file parsing in pam_winbind; bso [#3916].
      - Prevent potential crash in winbindd's credential cache handling; [#184450].
      - Fix memory exhaustion DoS; CVE-2006-3403; [#190468].
      - Fix the munlock call, samba.org svn rev r16755 from Volker.
      - Change the kerberos principal for LDAP authentication to netbios-name$@realm from host/name@realm; [#184450].
      - Ensure to link all required libraries to libnss_wins; [#184306].
      - Change log level of debug message to avoid flooded nmbd log; [#157623].
      - Add 'usershare allow guests = Yes' to the default config; [#144787].
      - Fix syntax error in configure script.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29574
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29574
    title SuSE 10 Security Update : Samba (ZYPP Patch Number 1961)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200607-10.NASL
    description The remote host is affected by the vulnerability described in GLSA-200607-10 (Samba: Denial of Service vulnerability) During an internal audit the Samba team discovered that a flaw in the way Samba stores share connection requests could lead to a Denial of Service. Impact : By sending a large amount of share connection requests to a vulnerable Samba server, an attacker could cause a Denial of Service due to memory consumption. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 22108
    published 2006-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22108
    title GLSA-200607-10 : Samba: Denial of Service vulnerability
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SAMBA-1830.NASL
    description
      - Prevent potential crash in winbindd's credential cache handling; [#184450].
      - Fix memory exhaustion DoS; CVE-2006-3403; [#190468].
      - Fix the munlock call, samba.org svn rev r16755 from Volker.
      - Change the kerberos principal for LDAP authentication to netbios-name$@realm from host/name@realm; [#184450].
      - Ensure to link all required libraries to libnss_wins; [#184306].
      - Change log level of debug message to avoid flooded nmbd log; [#157623].
      - Add 'usershare allow guests = Yes' to the default config; [#144787].
      - Add CHANGEPW kpasswd fallback to TCP; [#184945].
      - Honour 'sn' attribute for eDir; [#176799].
      - Adapt smbclient fix to smbtree to enable long share names; [#175999].
      - Make smbclient -L use RPC to list shares, fall back to RAP; [#171311].
      - Re-add in-forest domain trusts; [bso #3823].
      - Remove SO_SNDBUF and SO_RCVBUF from socket options example; [#165723].
      - Add wbinfo --own-domain; [#167344].
      - Fix usability of pam_winbind on a Samba PDC; [bso #3800].
      - Remove intrusive affinity patches for winbindd.
      - Merge Volker's winbindd crash fix for half-opened connections in winbindd_cm.c (sessionsetup succeeded but tconX failed).
      - Optimize lookup of user's group memberships via ExtendedDn LDAP control; [#168100].
      - Restart winbind if the hostname is modified by the DHCP client; [#169260].
      - Prevent passwords being swapped to disc; [#174834].
      - Remove length limit from winbind cache cleanup function; [#175737].
      - Fix NDS_ldapsam memory leak.
      - Only add password to linked list when necessary.
      - Don't try cached credentials when changing passwords.
      - Cleanup winbind linked list of credential caches.
      - Use the index objectCategory attribute in AD LDAP requests.
      - Adjust AD time difference when validating tickets.
      - Add password change warning for passwords being too young.
      - Remove experimental Heimdal KCM support.
      - Added 'usershare allow guests' global parameter; [#144787].
      - Return domain name in samrquerydominfo 5; [#172756].
      - Fix unauthorized access when logging in with pam_winbind; [#156385].
      - Don't ever set O_SYNC on open unless 'strict sync = yes'; [#165431].
      - Correct fix to exit from 'net' with an improper configuration; [#163227], [#182749].
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27426
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27426
    title openSUSE 10 Security Update : samba (samba-1830)
oval via4
accepted 2013-04-29T04:13:29.186-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description The smbd daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests.
family unix
id oval:org.mitre.oval:def:11355
status accepted
submitted 2010-07-09T03:56:16-04:00
title The smbd daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests.
version 24
redhat via4
advisories
bugzilla
id 197836
title CVE-2006-3403 Samba denial of service
oval
OR
  • AND
    comment Red Hat Enterprise Linux 3 is installed
    oval oval:com.redhat.rhba:tst:20070026001
  • AND
    comment Red Hat Enterprise Linux 4 is installed
    oval oval:com.redhat.rhba:tst:20070304001
rhsa
id RHSA-2006:0591
released 2006-07-25
severity Important
title RHSA-2006:0591: samba security update (Important)
refmap via4
apple APPLE-SA-2006-11-28
bid 18927
bugtraq
  • 20060710 Re: [ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd
  • 20060710 [ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd
  • 20060711 rPSA-2006-0128-1 samba samba-swat
  • 20060720 Samba Internal Data Structures DOS Vulnerability Exploit
  • 20060721 Re: Samba Internal Data Structures DOS Vulnerability Exploit
  • 20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4
  • 20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2
  • 20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2
cert TA06-333A
cert-vn VU#313836
confirm
debian DSA-1110
gentoo GLSA-200607-10
hp
  • HPSBUX02155
  • SSRT061235
mandriva MDKSA-2006:120
misc http://securitydot.net/xpl/exploits/vulnerabilities/articles/1175/exploit.html
sectrack 1016459
secunia
  • 20980
  • 20983
  • 21018
  • 21019
  • 21046
  • 21086
  • 21143
  • 21159
  • 21187
  • 21190
  • 21262
  • 22875
  • 23155
sgi 20060703-01-P
slackware SSA:2006-195
suse SUSE-SR:2006:017
ubuntu USN-314-1
vupen
  • ADV-2006-2745
  • ADV-2006-4502
  • ADV-2006-4750
xf samba-smbd-connection-dos(27648)
Last major update 02-08-2013 - 01:11
Published 12-07-2006 - 15:05
Last modified 18-10-2018 - 12:47