Samba CVE-2017-9461 Remote Denial of Service Vulnerability



Samba is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to cause the application to cause an infinite loop with high CPU usage and memory consumption, denying service to legitimate users.

Samba prior to 4.4.10 and 4.5.x versions prior to 4.5.6 are vulnerable.

Information

Bugtraq ID: 99455
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2017-9461

Remote: Yes
Local: No
Published: Feb 16 2017 12:00AM
Updated: Nov 27 2017 03:09PM
Credit: YOUZHONG YANG
Vulnerable: Ubuntu Ubuntu Linux 17.04
Ubuntu Ubuntu Linux 16.10
Ubuntu Ubuntu Linux 16.04 LTS
Ubuntu Ubuntu Linux 14.04 LTS
Samba Samba 4.5.5
Samba Samba 4.5.4
Samba Samba 4.5.1
Samba Samba 4.5
Samba Samba 4.4.9
Samba Samba 4.4.7
Samba Samba 4.4.6
Samba Samba 4.4.1
Samba Samba 4.4
Samba Samba 4.3.7
Samba Samba 4.3.5
Samba Samba 4.3.4
Samba Samba 4.3.3
Samba Samba 4.3.2
Samba Samba 4.3.1
Samba Samba 4.3
Samba Samba 4.2.10
Samba Samba 4.2.8
Samba Samba 4.2.7
Samba Samba 4.2.6
Samba Samba 4.2.5
Samba Samba 4.2.4
Samba Samba 4.2.3
Samba Samba 4.2.2
Samba Samba 4.2.1
Samba Samba 4.2
Samba Samba 4.1.22
Samba Samba 4.1.21
Samba Samba 4.1.20
Samba Samba 4.1.19
Samba Samba 4.1.18
Samba Samba 4.1.17
Samba Samba 4.1.16
Samba Samba 4.1.15
Samba Samba 4.1.14
Samba Samba 4.1.13
Samba Samba 4.1.10
Samba Samba 4.1.9
Samba Samba 4.1.7
Samba Samba 4.1.3
Samba Samba 4.1.2
Samba Samba 4.1.1
Samba Samba 4.1
Samba Samba 4.0.24
Samba Samba 4.0.23
Samba Samba 4.0.21
Samba Samba 4.0.20
Samba Samba 4.0.19
Samba Samba 4.0.18
Samba Samba 4.0.17
Samba Samba 4.0.13
Samba Samba 4.0.12
Samba Samba 4.0.10
Samba Samba 4.0.2
Samba Samba 3.6.24
Samba Samba 3.6.23
Samba Samba 3.6.22
Samba Samba 3.6.21
Samba Samba 3.6.20
Samba Samba 3.6.19
Samba Samba 3.6.12
Samba Samba 3.6.4
Samba Samba 3.6.3
Samba Samba 3.6.2
Samba Samba 3.6.1
Samba Samba 3.6
Samba Samba 3.5.22
Samba Samba 3.5.21
Samba Samba 3.5.16
Samba Samba 3.5.13
Samba Samba 3.5.9
Samba Samba 3.5.8
Samba Samba 3.5.2
Samba Samba 3.5.1
Samba Samba 3.5
Samba Samba 3.4.15
Samba Samba 3.4.14
Samba Samba 3.4.13
Samba Samba 3.4.12
Samba Samba 3.4.11
Samba Samba 3.4.10
Samba Samba 3.4.8
Samba Samba 3.4.7
Samba Samba 3.4.6
Samba Samba 3.4.5
Samba Samba 3.4.2
Samba Samba 3.4.1
Samba Samba 3.4
Samba Samba 3.3.16
Samba Samba 3.3.15
Samba Samba 3.3.14
Samba Samba 3.3.13
Samba Samba 3.3.12
Samba Samba 3.3.11
Samba Samba 3.3.10
Samba Samba 3.3.9
Samba Samba 3.3.8
Samba Samba 3.3.7
Samba Samba 3.3.6
Samba Samba 3.3.5
Samba Samba 3.3.4
Samba Samba 3.3.3
Samba Samba 3.3.1
Samba Samba 3.3
Samba Samba 3.2.15
Samba Samba 3.2.14
Samba Samba 3.2.13
Samba Samba 3.2.12
Samba Samba 3.2.11
Samba Samba 3.2.10
Samba Samba 3.2.7
Samba Samba 3.2.6
Samba Samba 3.2.5
Samba Samba 3.2.4
Samba Samba 3.2.3
Samba Samba 3.2.2
Samba Samba 3.2.1
Samba Samba 3.2
Samba Samba 3.0.37
Samba Samba 3.0.36
Samba Samba 3.0.35
Samba Samba 3.0.34
Samba Samba 3.0.33
Samba Samba 3.0.32
Samba Samba 3.0.31
Samba Samba 3.0.30
+ Mandriva Linux Mandrake 2007.1 x86_64
+ Mandriva Linux Mandrake 2007.1
+ Ubuntu Ubuntu Linux 7.04 sparc
+ Ubuntu Ubuntu Linux 7.04 powerpc
+ Ubuntu Ubuntu Linux 7.04 i386
+ Ubuntu Ubuntu Linux 7.04 amd64
Samba Samba 3.0.29
Samba Samba 3.0.28
Samba Samba 3.0.27
Samba Samba 3.0.26
Samba Samba 3.0.25
Samba Samba 3.0.24
Samba Samba 3.0.23
Samba Samba 3.0.22
+ Ubuntu Ubuntu Linux 6.06 LTS sparc
+ Ubuntu Ubuntu Linux 6.06 LTS powerpc
+ Ubuntu Ubuntu Linux 6.06 LTS i386
+ Ubuntu Ubuntu Linux 6.06 LTS amd64
Samba Samba 3.0.21
Samba Samba 3.0.20
+ Slackware Linux 10.2
Samba Samba 3.0.19
Samba Samba 3.0.18
Samba Samba 3.0.17
Samba Samba 3.0.16
Samba Samba 3.0.15
Samba Samba 3.0.14
Samba Samba 3.0.13
Samba Samba 3.0.12
Samba Samba 3.0.11
Samba Samba 3.0.10
Samba Samba 3.0.9
Samba Samba 3.0.8
Samba Samba 3.0.7
Samba Samba 3.0.6
Samba Samba 3.0.5
Samba Samba 3.0.4
+ OpenPKG OpenPKG 2.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
+ Slackware Linux 10.0
Samba Samba 3.0.3
Samba Samba 3.0.2
Samba Samba 3.0.1
Samba Samba 3.0
Samba Samba 2.18.3
Samba Samba 2.2.12
Samba Samba 2.2.11
Samba Samba 2.2.10
Samba Samba 2.2.9
Samba Samba 2.2.8
Samba Samba 2.2.7
Samba Samba 2.2.6
+ Mandriva Linux Mandrake 9.0
Samba Samba 2.2.5
+ Apple Mac OS X 10.2.4
+ Apple Mac OS X 10.2.4
+ Apple Mac OS X 10.2.3
+ Apple Mac OS X 10.2.3
+ Apple Mac OS X 10.2.2
+ Apple Mac OS X 10.2.2
+ Apple Mac OS X 10.2.1
+ Apple Mac OS X 10.2.1
+ Apple Mac OS X 10.2
+ Apple Mac OS X 10.2
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc3
+ HP CIFS/9000 Server A.01.09.02
+ HP CIFS/9000 Server A.01.09.01
+ HP CIFS/9000 Server A.01.09.01
+ HP CIFS/9000 Server A.01.09
+ HP CIFS/9000 Server A.01.09
+ HP CIFS/9000 Server A.01.08.01
+ HP CIFS/9000 Server A.01.08.01
+ HP CIFS/9000 Server A.01.08
+ HP CIFS/9000 Server A.01.08
+ HP CIFS/9000 Server A.01.07
+ HP CIFS/9000 Server A.01.07
+ HP CIFS/9000 Server A.01.06
+ HP CIFS/9000 Server A.01.06
+ HP CIFS/9000 Server A.01.05
+ HP CIFS/9000 Server A.01.05
+ OpenPKG OpenPKG 1.1
+ OpenPKG OpenPKG 1.1
+ Redhat Linux 8.0 i686
+ Redhat Linux 8.0 i686
+ Redhat Linux 8.0 i386
+ Redhat Linux 8.0 i386
+ Redhat Linux 8.0
+ Redhat Linux 8.0
+ SuSE Linux 8.1
+ SuSE Linux 8.1
Samba Samba 2.2.4
Samba Samba 2.2.3
Samba Samba 2.2.2
Samba Samba 2.2 .0
- SuSE Linux 7.2
Samba Samba 2.0.10
Samba Samba 2.0.9
Samba Samba 2.0.8
Samba Samba 2.0.7
Samba Samba 2.0.6
Samba Samba 2.0.5
Samba Samba 2.0.4
Samba Samba 2.0.3
Samba Samba 2.0.2
Samba Samba 2.0.1
Samba Samba 2.0 .0
Samba Samba 1.9.19
+ Caldera OpenLinux 1.0
+ Caldera OpenLinux 1.0
+ Debian Linux 1.1
+ Debian Linux 1.1
+ Debian Linux 0.93
+ Debian Linux 0.93
+ Redhat Linux 4.x
- Slackware Linux 2.0
- Slackware Linux 2.0
Samba Samba 1.9.18
Samba Samba 1.9.17
Samba Samba 4.5.3
Samba Samba 4.5.2
Samba Samba 4.4.8
Samba Samba 4.4.5
Samba Samba 4.4.4
Samba Samba 4.4.3
Samba Samba 4.4.2
Samba Samba 4.3.9
Samba Samba 4.3.8
Samba Samba 4.3.6
Samba Samba 4.3.13
Samba Samba 4.3.11
Samba Samba 4.3.10
Samba Samba 4.2rc4
Samba Samba 4.2.9
+ Trustix Secure Linux 2.0
+ Trustix Secure Linux 1.5
Samba Samba 4.2.14
Samba Samba 4.2.13
Samba Samba 4.2.12
Samba Samba 4.2.11
Samba Samba 4.1.8
Samba Samba 4.1.6
Samba Samba 4.1.5
Samba Samba 4.1.4
Samba Samba 4.1.23
Samba Samba 4.1.12
Samba Samba 4.1.11
Samba Samba 4.0.9
Samba Samba 4.0.8
Samba Samba 4.0.7
Samba Samba 4.0.6
Samba Samba 4.0.5
Samba Samba 4.0.4
Samba Samba 4.0.3
Samba Samba 4.0.22
Samba Samba 4.0.16
Samba Samba 4.0.15
Samba Samba 4.0.14
Samba Samba 4.0.11
Samba Samba 4.0.1
Samba Samba 4.0.0
Samba Samba 3.6.9
Samba Samba 3.6.8
Samba Samba 3.6.7
Samba Samba 3.6.6
Samba Samba 3.6.5
Samba Samba 3.6.18
Samba Samba 3.6.17
Samba Samba 3.6.16
Samba Samba 3.6.15
Samba Samba 3.6.14
Samba Samba 3.6.13
Samba Samba 3.6.11
Samba Samba 3.6.10
Samba Samba 3.5.7
Samba Samba 3.5.6
Samba Samba 3.5.5
Samba Samba 3.5.4
Samba Samba 3.5.3
Samba Samba 3.5.20
Samba Samba 3.5.19
Samba Samba 3.5.18
Samba Samba 3.5.17
Samba Samba 3.5.15
Samba Samba 3.5.14
Samba Samba 3.5.12
Samba Samba 3.5.11
Samba Samba 3.5.10
Samba Samba 3.5
Samba Samba 3.4.9
Samba Samba 3.4.4
Samba Samba 3.4.3
Samba Samba 3.4.17
Samba Samba 3.4.16
Samba Samba 3.3.2
Samba Samba 3.2.9
Samba Samba 3.2.8
Samba Samba 3.1.0
Samba Samba 3.1
Samba Samba 2.2A
Samba Samba 2.2.1
Samba Samba 2.2 A
Redhat Gluster Storage 3.0
Redhat Enterprise Linux 7
Redhat Enterprise Linux 6
IBM SONAS 1.5.2.7
IBM SONAS 1.5.2.5
IBM SONAS 1.5.2.4
IBM SONAS 1.5.2.3
IBM SONAS 1.5.2.2
IBM SONAS 1.5.2.1
IBM SONAS 1.5.2.0
IBM SONAS 1.5.1.3
IBM SONAS 1.5.1.0
IBM SONAS 1.5.0.2
IBM SONAS 1.5.0.1
IBM SONAS 1.5.0.0


Not Vulnerable: Samba Samba 4.5.6
Samba Samba 4.4.10
IBM SONAS 1.5.2.8


Exploit


The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.


Related Posts

Comments