CVE-2009-2906

Advisory lineage Upstream: 0 Downstream: 7

Downstream

DEBIAN-CVE-2009-2906 DSA-1908-1 OPENSUSE-SU-2024:10069-1 OPENSUSE-SU-2024:10334-1 RHSA-2009:1528 RHSA-2009:1529

Modified

Published: 07 Oct 2009, 18:00

Last modified:07 Aug 2024, 06:07

Vulnerability Summary

Overall Risk (default)

low

16/100

CVSS Score

4 MEDIUM

v2.0 (nvd)

EPSS Score

0.4% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

07 Oct 2009, 18:00

Published

Vulnerability first disclosed

07 Aug 2024, 06:07

Last Modified

Vulnerability information updated

Description

smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.

CVSS Metrics

v2.0•MEDIUM•Score: 4AV:N/AC:L/Au:S/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 0.40%• Percentile: 61%

Techniques & Countermeasures

CWE-835•Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Systems

canonical•ubuntu_linux
6.06 | 8.04 | 8.10 | 9.04
samba•samba
< 3.0.37 | ≥ 3.2.0, < 3.2.15 | ≥ 3.3.0, < 3.3.8 | 3.4.0 | 3.4.1