CVE-2017-9461
Advisory lineage Upstream: 0 Downstream: 7
Modified
Published: 06 Jun 2017, 21:00
Last modified:05 Aug 2024, 17:11
Vulnerability Summary
Overall Risk (default)
medium
38/100 CVSS Score
6.8 MEDIUM
v2.0 (nvd)
EPSS Score
3.38% LOW
3% probability -0.65%
KEV
Not listed
Ransomware
No reports
Public exploits
2 found
Dark Web
Not detected
Timeline
06 Jun 2017, 21:00
Published
Vulnerability first disclosed
05 Aug 2024, 17:11
Last Modified
Vulnerability information updated
Description
smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.
CVSS Metrics
- v3.0•MEDIUM•Score: 6.5CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- v2.0•MEDIUM•Score: 6.8AV:N/AC:L/Au:S/C:N/I:N/A:C
EPSS Trends
Current EPSS score: 3.38%• Percentile: 88%
Techniques & Countermeasures
- CWE-835•Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Affected Systems
- debian•debian_linux
8.0
- redhat•enterprise_linux_desktop
7.0
- redhat•enterprise_linux_server
7.0
- redhat•enterprise_linux_server_aus
7.4 | 7.6
- redhat•enterprise_linux_server_eus
7.4 | 7.5 | 7.6
- redhat•enterprise_linux_server_tus
7.6
- redhat•enterprise_linux_workstation
7.0
- samba•samba
≤ 4.4.9 | 4.5.0 | 4.5.1 | 4.5.2 | 4.5.3 | 4.5.4 | 4.5.5
References (8)
- http://www.securityfocus.com/bid/99455
- https://access.redhat.com/errata/RHSA-2017:2778
- https://access.redhat.com/errata/RHSA-2017:1950
- https://access.redhat.com/errata/RHSA-2017:2338
- https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=10c3e3923022485c720f322ca4f0aca5d7501310
- https://bugzilla.samba.org/show_bug.cgi?id=12572
- https://bugs.debian.org/864291
- https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html