3.3 Low
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:N/I:N/A:P
0.084 Low
EPSS
Percentile
94.4%
All current released versions of Samba are vulnerable to a denial of
service on the nmbd NetBIOS name services daemon. A malformed packet
can cause the nmbd server to loop the CPU and prevent any further
NetBIOS name service.
This flaw is not exploitable beyond causing the code to loop
expending CPU resources.
A patch addressing this defect has been posted to
http://www.samba.org/samba/security/
Additionally, Samba 4.1.9, 4.0.19 and 3.6.24 have been issued as
security releases to correct the defect. Patches against older Samba
versions are available at http://samba.org/samba/patches/. Samba
vendors and administrators running affected versions are advised to
upgrade or apply the patch as soon as possible.
None.
This problem was found by a Red Hat user and analyzed by
Stefan Cornelius <[email protected]>. Jeremy Allison of Google
provided the Samba code fix for nmbd.