FreeBSD : samba -- potential Denial of Service bug in smbd (f235fe7a-b9ca-11db-bf0f-0013720b182d)

This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Samba Team reports :

Internally Samba's file server daemon, smbd, implements support for
deferred file open calls in an attempt to serve client requests that
would otherwise fail due to a share mode violation. When renaming a
file under certain circumstances it is possible that the request is
never removed from the deferred open queue. smbd will then become
stuck is a loop trying to service the open request.

This bug may allow an authenticated user to exhaust resources such as
memory and CPU on the server by opening multiple CIFS sessions, each
of which will normally spawn a new smbd process, and sending each
connection into an infinite loop.

See also :

http://www.samba.org/samba/security/CVE-2007-0452.html
http://www.nessus.org/u?86d5ee83

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 24826 (freebsd_pkg_f235fe7ab9ca11dbbf0f0013720b182d.nasl)

Bugtraq ID:

CVE ID: CVE-2007-0452

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now