Vulnerability Name:

CVE-2017-9461 (CCN-126916)

Assigned:2017-02-09
Published:2017-02-09
Updated:2019-10-03
Summary:smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.
CVSS v3 Severity:6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
6.5 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
5.7 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-835
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2017-9461

Source: CCN
Type: IBM Security Bulletin S1010376 (Spectrum Scale)
A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2017-9461)

Source: CCN
Type: IBM Security Bulletin S1010656 (Scale Out Network Attached Storage)
Security Bulletin: Samba vulnerability affects IBM SONAS (CVE-2017-9461)

Source: CCN
Type: IBM Security Bulletin S1010671 (Storwize V7000 Unified (2073))
Samba vulnerability issue affects IBM Storwize V7000 Unified (CVE-2017-9461)

Source: BID
Type: Third Party Advisory, VDB Entry
99455

Source: CCN
Type: BID-99455
Samba CVE-2017-9461 Remote Denial of Service Vulnerability

Source: REDHAT
Type: Third Party Advisory
RHSA-2017:1950

Source: REDHAT
Type: Third Party Advisory
RHSA-2017:2338

Source: REDHAT
Type: Third Party Advisory
RHSA-2017:2778

Source: CONFIRM
Type: Exploit, Issue Tracking, Patch, Third Party Advisory
https://bugs.debian.org/864291

Source: CCN
Type: Debian Bug report logs - #864291
samba: CVE-2017-9461: infinite loop on bad-symlink resolution

Source: CONFIRM
Type: Exploit, Issue Tracking, Patch, Third Party Advisory, VDB Entry
https://bugzilla.samba.org/show_bug.cgi?id=12572

Source: XF
Type: UNKNOWN
samba-cve20179461-dos(126916)

Source: CCN
Type: Samba GIT Repository
s3: smbd: Don't loop infinitely on bad-symlink resolution

Source: CONFIRM
Type: Vendor Advisory
https://git.samba.org/?p=samba.git;a=commit;h=10c3e3923022485c720f322ca4f0aca5d7501310

Source: MLIST
Type: Third Party Advisory
[debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update

Vulnerable Configuration:Configuration 1:
  • cpe:/a:samba:samba:*:*:*:*:*:*:*:* (Version <= 4.4.9)
  • OR cpe:/a:samba:samba:4.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:4.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:4.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:4.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:4.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:4.5.5:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:samba:samba:4.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:4.4.9:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:spectrum_scale:4.1.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_scale:4.2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_scale:4.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_scale:4.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_scale:4.2.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:com.redhat.rhsa:def:20171950
    P
    		RHSA-2017:1950: samba security, bug fix, and enhancement update (Low)
    2017-08-01
    oval:com.ubuntu.xenial:def:201794610000000
    V
    		CVE-2017-9461 on Ubuntu 16.04 LTS (xenial) - medium.
    2017-06-06
    oval:com.ubuntu.artful:def:20179461000
    V
    		CVE-2017-9461 on Ubuntu 17.10 (artful) - medium.
    2017-06-06
    oval:com.ubuntu.trusty:def:20179461000
    V
    		CVE-2017-9461 on Ubuntu 14.04 LTS (trusty) - medium.
    2017-06-06
    oval:com.ubuntu.xenial:def:20179461000
    V
    		CVE-2017-9461 on Ubuntu 16.04 LTS (xenial) - medium.
    2017-06-06
    BACK
    samba samba *
    samba samba 4.5.0
    samba samba 4.5.1
    samba samba 4.5.2
    samba samba 4.5.3
    samba samba 4.5.4
    samba samba 4.5.5
    redhat enterprise linux desktop 7.0
    redhat enterprise linux server 7.0
    redhat enterprise linux server aus 7.4
    redhat enterprise linux server aus 7.6
    redhat enterprise linux server eus 7.4
    redhat enterprise linux server eus 7.5
    redhat enterprise linux server eus 7.6
    redhat enterprise linux server tus 7.6
    redhat enterprise linux workstation 7.0
    debian debian linux 8.0
    samba samba 4.5.5
    samba samba 4.4.9
    ibm spectrum scale 4.1.1.0
    ibm spectrum scale 4.2.0.0
    ibm spectrum scale 4.2.1
    ibm spectrum scale 4.2.2
    ibm spectrum scale 4.2.3