CVE-2009-2906

2009-10-0718:30:00

CWE-835

redhat

web.nvd.nist.gov

smbd

samba

cve-2009-2906

denial of service

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

AI Score

8.8

Confidence

High

EPSS

0.005

Percentile

75.3%

JSON

smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.

Affected configurations

Nvd

Node

sambasambaRange<3.0.37

sambasambaRange3.2.0–3.2.15

sambasambaRange3.3.0–3.3.8

sambasambaMatch3.4.0

sambasambaMatch3.4.1

Node

canonicalubuntu_linuxMatch6.06

canonicalubuntu_linuxMatch8.04-

canonicalubuntu_linuxMatch8.10

canonicalubuntu_linuxMatch9.04

VendorProductVersionCPE
sambasamba*cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
sambasamba3.4.0cpe:2.3:a:samba:samba:3.4.0:*:*:*:*:*:*:*
sambasamba3.4.1cpe:2.3:a:samba:samba:3.4.1:*:*:*:*:*:*:*
canonicalubuntu_linux6.06cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
canonicalubuntu_linux8.04cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
canonicalubuntu_linux8.10cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
canonicalubuntu_linux9.04cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
samba	samba	*	cpe:2.3:a:samba:samba::::::::
samba	samba	3.4.0	cpe:2.3:a:samba:samba:3.4.0:::::::*
samba	samba	3.4.1	cpe:2.3:a:samba:samba:3.4.1:::::::*
canonical	ubuntu_linux	6.06	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
canonical	ubuntu_linux	8.04	cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
canonical	ubuntu_linux	8.10	cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*
canonical	ubuntu_linux	9.04	cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*