CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
EPSS Percentile: 75.3%
Smbd is susceptible to a remote DoS attack by an authenticated remote
client.
If the client sends a reply to an oplock break notification
that Samba does not expect, smbd can spin the CPU,
repeatedly trying to process the unexpected packet without
ever finishing. This is unlikely to happen
with normal client activity (although not impossible).
A patch addressing this issue has been posted to:
http://www.samba.org/samba/security/
Additionally, Samba 3.0.37, 3.2.15, 3.3.8 and 3.4.2 have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.
Workaround: None available
Found by Brad Deputy, Isilon and originally reported by
Tim Prouty, Isilon and Samba Team
Patches provided by Jeremy Allison, Samba Team
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team