ID CVE-2017-9461
Summary smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.
References
Vulnerable Configurations
  • Samba 4.4.9
    cpe:2.3:a:samba:samba:4.4.9
  • Samba 4.5.0
    cpe:2.3:a:samba:samba:4.5.0
  • Samba 4.5.1
    cpe:2.3:a:samba:samba:4.5.1
  • Samba 4.5.2
    cpe:2.3:a:samba:samba:4.5.2
  • Samba 4.5.3
    cpe:2.3:a:samba:samba:4.5.3
  • Samba 4.5.4
    cpe:2.3:a:samba:samba:4.5.4
  • Samba 4.5.5
    cpe:2.3:a:samba:samba:4.5.5
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 7.4
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4
  • Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.4
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.5
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6
  • Red Hat Enterprise Linux Server Telecommunications Update Service (TUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
CVSS
Base: 6.8
Impact:
Exploitability:
CWE CWE-399
CAPEC
nessus via4
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170801_SAMBA_ON_SL7_X.NASL
    description The following packages have been upgraded to a later upstream version: samba (4.6.2). Security Fix(es) : - A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 102656
    published 2017-08-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102656
    title Scientific Linux Security Update : samba on SL7.x x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-1950.NASL
    description An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba (4.6.2). (BZ#1391954) Security Fix(es) : * A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 102745
    published 2017-08-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102745
    title CentOS 7 : samba (CESA-2017:1950)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1219.NASL
    description According to the version of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 103077
    published 2017-09-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103077
    title EulerOS 2.0 SP1 : samba (EulerOS-SA-2017-1219)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1220.NASL
    description According to the version of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 103078
    published 2017-09-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103078
    title EulerOS 2.0 SP2 : samba (EulerOS-SA-2017-1220)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-2778.NASL
    description An update for samba is now available for Red Hat Gluster Storage 3.3 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions. (CVE-2017-2619) * A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461) Red Hat would like to thank the Samba project for reporting CVE-2017-2619. Upstream acknowledges Jann Horn (Google) as the original reporter of CVE-2017-2619. Bug Fix(es) : * In the samba configuration, by default the 'posix locking' is enabled and 'stat cache' is disabled. Enabling 'posix locking' sends the file lock request to the bricks too, and disabling 'stat cache' blocks samba to cache certain information at the samba layer. This led to decrease in performance of SMB access of Red Hat Gluster Storage volumes. As a fix, the following two options are included in the samba configuration file: posix locking = No stat cache = Yes Due to this, a slight improvement in the performance is observed. (BZ#1436265)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 103453
    published 2017-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103453
    title RHEL 6 : Storage Server (RHSA-2017:2778)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-1950.NASL
    description From Red Hat Security Advisory 2017:1950 : An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba (4.6.2). (BZ#1391954) Security Fix(es) : * A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 102290
    published 2017-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102290
    title Oracle Linux 7 : samba (ELSA-2017-1950)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-2338.NASL
    description An update for samba is now available for Red Hat Gluster Storage 3.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories, in areas of the server file system not exported under the share definitions. (CVE-2017-2619) * A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461) Red Hat would like to thank the Samba project for reporting CVE-2017-2619. Upstream acknowledges Jann Horn (Google) as the original reporter of CVE-2017-2619.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 102156
    published 2017-08-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102156
    title RHEL 7 : Red Hat Gluster Storage (RHSA-2017:2338)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3348-1.NASL
    description It was discovered that Samba incorrectly handled dangling symlinks. A remote attacker could possibly use this issue to cause Samba to hang, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-9461) In addition, this update fixes a regression introduced by USN-3267-1 that caused Samba to incorrectly handle non-wide symlinks to directories. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 101262
    published 2017-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101262
    title Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : samba vulnerability (USN-3348-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1950.NASL
    description An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba (4.6.2). (BZ#1391954) Security Fix(es) : * A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 102106
    published 2017-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102106
    title RHEL 7 : samba (RHSA-2017:1950)
redhat via4
advisories
  • bugzilla
    id 1461336
    title Smbclient not working properly with winbind separator '+'
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment ctdb is earlier than 0:4.6.2-8.el7
          oval oval:com.redhat.rhsa:tst:20171950045
        • comment ctdb is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20160006014
      • AND
        • comment ctdb-tests is earlier than 0:4.6.2-8.el7
          oval oval:com.redhat.rhsa:tst:20171950017
        • comment ctdb-tests is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20160006036
      • AND
        • comment libsmbclient is earlier than 0:4.6.2-8.el7
          oval oval:com.redhat.rhsa:tst:20171950019
        • comment libsmbclient is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860012
      • AND
        • comment libsmbclient-devel is earlier than 0:4.6.2-8.el7
          oval oval:com.redhat.rhsa:tst:20171950029
        • comment libsmbclient-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860022
      • AND
        • comment libwbclient is earlier than 0:4.6.2-8.el7
          oval oval:com.redhat.rhsa:tst:20171950047
        • comment libwbclient is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140867026
      • AND
        • comment libwbclient-devel is earlier than 0:4.6.2-8.el7
          oval oval:com.redhat.rhsa:tst:20171950035
        • comment libwbclient-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140867008
      • AND
        • comment samba is earlier than 0:4.6.2-8.el7
          oval oval:com.redhat.rhsa:tst:20171950005
        • comment samba is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860006
      • AND
        • comment samba-client is earlier than 0:4.6.2-8.el7
          oval oval:com.redhat.rhsa:tst:20171950007
        • comment samba-client is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860014
      • AND
        • comment samba-client-libs is earlier than 0:4.6.2-8.el7
          oval oval:com.redhat.rhsa:tst:20171950043
        • comment samba-client-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20160006044
      • AND
        • comment samba-common is earlier than 0:4.6.2-8.el7
          oval oval:com.redhat.rhsa:tst:20171950055
        • comment samba-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860016
      • AND
        • comment samba-common-libs is earlier than 0:4.6.2-8.el7
          oval oval:com.redhat.rhsa:tst:20171950009
        • comment samba-common-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20160006012
      • AND
        • comment samba-common-tools is earlier than 0:4.6.2-8.el7
          oval oval:com.redhat.rhsa:tst:20171950025
        • comment samba-common-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20160006016
      • AND
        • comment samba-dc is earlier than 0:4.6.2-8.el7
          oval oval:com.redhat.rhsa:tst:20171950027
        • comment samba-dc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140867028
      • AND
        • comment samba-dc-libs is earlier than 0:4.6.2-8.el7
          oval oval:com.redhat.rhsa:tst:20171950011
        • comment samba-dc-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140867014
      • AND
        • comment samba-devel is earlier than 0:4.6.2-8.el7
          oval oval:com.redhat.rhsa:tst:20171950041
        • comment samba-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140867020
      • AND
        • comment samba-krb5-printing is earlier than 0:4.6.2-8.el7
          oval oval:com.redhat.rhsa:tst:20171950021
        • comment samba-krb5-printing is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171265006
      • AND
        • comment samba-libs is earlier than 0:4.6.2-8.el7
          oval oval:com.redhat.rhsa:tst:20171950039
        • comment samba-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140867024
      • AND
        • comment samba-pidl is earlier than 0:4.6.2-8.el7
          oval oval:com.redhat.rhsa:tst:20171950053
        • comment samba-pidl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140867022
      • AND
        • comment samba-python is earlier than 0:4.6.2-8.el7
          oval oval:com.redhat.rhsa:tst:20171950033
        • comment samba-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140867010
      • AND
        • comment samba-test is earlier than 0:4.6.2-8.el7
          oval oval:com.redhat.rhsa:tst:20171950013
        • comment samba-test is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140867040
      • AND
        • comment samba-test-libs is earlier than 0:4.6.2-8.el7
          oval oval:com.redhat.rhsa:tst:20171950031
        • comment samba-test-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20160006028
      • AND
        • comment samba-vfs-glusterfs is earlier than 0:4.6.2-8.el7
          oval oval:com.redhat.rhsa:tst:20171950051
        • comment samba-vfs-glusterfs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140867044
      • AND
        • comment samba-winbind is earlier than 0:4.6.2-8.el7
          oval oval:com.redhat.rhsa:tst:20171950037
        • comment samba-winbind is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860010
      • AND
        • comment samba-winbind-clients is earlier than 0:4.6.2-8.el7
          oval oval:com.redhat.rhsa:tst:20171950049
        • comment samba-winbind-clients is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860020
      • AND
        • comment samba-winbind-krb5-locator is earlier than 0:4.6.2-8.el7
          oval oval:com.redhat.rhsa:tst:20171950015
        • comment samba-winbind-krb5-locator is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111221018
      • AND
        • comment samba-winbind-modules is earlier than 0:4.6.2-8.el7
          oval oval:com.redhat.rhsa:tst:20171950023
        • comment samba-winbind-modules is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140867016
    rhsa
    id RHSA-2017:1950
    released 2017-08-01
    severity Low
    title RHSA-2017:1950: samba security, bug fix, and enhancement update (Low)
  • rhsa
    id RHSA-2017:2338
  • rhsa
    id RHSA-2017:2778
rpms
  • ctdb-0:4.6.2-8.el7
  • ctdb-tests-0:4.6.2-8.el7
  • libsmbclient-0:4.6.2-8.el7
  • libsmbclient-devel-0:4.6.2-8.el7
  • libwbclient-0:4.6.2-8.el7
  • libwbclient-devel-0:4.6.2-8.el7
  • samba-0:4.6.2-8.el7
  • samba-client-0:4.6.2-8.el7
  • samba-client-libs-0:4.6.2-8.el7
  • samba-common-0:4.6.2-8.el7
  • samba-common-libs-0:4.6.2-8.el7
  • samba-common-tools-0:4.6.2-8.el7
  • samba-dc-0:4.6.2-8.el7
  • samba-dc-libs-0:4.6.2-8.el7
  • samba-devel-0:4.6.2-8.el7
  • samba-krb5-printing-0:4.6.2-8.el7
  • samba-libs-0:4.6.2-8.el7
  • samba-pidl-0:4.6.2-8.el7
  • samba-python-0:4.6.2-8.el7
  • samba-test-0:4.6.2-8.el7
  • samba-test-libs-0:4.6.2-8.el7
  • samba-vfs-glusterfs-0:4.6.2-8.el7
  • samba-winbind-0:4.6.2-8.el7
  • samba-winbind-clients-0:4.6.2-8.el7
  • samba-winbind-krb5-locator-0:4.6.2-8.el7
  • samba-winbind-modules-0:4.6.2-8.el7
refmap via4
bid 99455
confirm
mlist [debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update
Last major update 06-06-2017 - 17:29
Published 06-06-2017 - 17:29
Last modified 15-04-2019 - 10:04