CVE-2009-2906

smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

References

• http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
• http://news.samba.org/releases/3.0.37/
• http://news.samba.org/releases/3.2.15/
• http://news.samba.org/releases/3.3.8/
• http://news.samba.org/releases/3.4.2/
• http://osvdb.org/58519
• http://samba.org/samba/security/CVE-2009-2906.html
• http://secunia.com/advisories/36893
• http://secunia.com/advisories/36918
• http://secunia.com/advisories/36937
• http://secunia.com/advisories/36953
• http://secunia.com/advisories/37428
• http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.561439
• http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1
• http://support.apple.com/kb/HT4077
• http://wiki.rpath.com/Advisories:rPSA-2009-0145
• http://www.securityfocus.com/archive/1/507856/100/0/threaded
• http://www.securityfocus.com/bid/36573
• http://www.securitytracker.com/id?1022976
• http://www.ubuntu.com/usn/USN-839-1
• http://www.vupen.com/english/advisories/2009/2810
• https://exchange.xforce.ibmcloud.com/vulnerabilities/53575
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7090
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9944
• https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html
• https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html