Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 621192 (CVE-2017-9461)

Summary: net-fs/samba: fd_open_atomic infinite loop due to wrong handling of dangling symlinks
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: kripton, samba
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=1459464
Whiteboard: B3 [noglsa/cve]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2017-06-08 08:03:55 UTC 
From ${URL} :

smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerablity (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling 
symlinks.

Upstream patch:

https://git.samba.org/?p=samba.git;a=commit;h=10c3e3923022485c720f322ca4f0aca5d7501310


@security: please check if this issue needs a GLSA.
Comment 1 D'juan McDonald (domhnall) 2017-09-04 02:34:51 UTC 
@security, any update on this issue? 

Daj'Uan(jmbailey)
Gentoo Security Padawan
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2017-09-04 03:06:46 UTC 
GLSA Vote: No