|
|
|
|
| |
Credit:
The information has been provided by Youzhong Yang and Ira Cooper.
|
| |
Vulnerable Systems:
* Samba 3.6.0 - 3.6.2 (inclusive)
Samba versions 3.6.0 to 3.6.2 inclusive are vulnerable to a memory
leak that can cause a server denial of service.
The Samba smbd daemon that listens for incoming connections leaks
a small amount of memory on every connection attempt. Although this
is a small leak, it happens on every connection even without successful
authentication. Thus an attacker can simply loop making connection
requests and cause the listening daemon to ever increase in size.
Eventually the server process will grow enough to either cause memory
allocations in other processes to fail, or be killed by the system
as part of its out of memory protection. Either way, denial of service
would be achieved.
The symptom that caused this issue to be discovered was extreme CPU use
on an affected system. This was caused by the child processes that were
forked from the parent attempting to free the leaked memory.
Vendor Status:
Samba had issued an update for this vulnerability.
Patch Availability:
A patch addressing this defect has been posted to
http://www.samba.org/samba/security/
CVE Information:
CVE-2012-0817
Disclosure Timeline:
Date issued: 29 Jan 2012
|
|
|
|
|
