CVE-2009-2906

CVSS V2: Medium 4; CVSS V3: None
Description
smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.
Overview
  • CVE ID: CVE-2009-2906
  • Assigner: secalert@redhat.com
  • Vulnerability Status: Modified
  • Published Version: 2009-10-07T18:30:00
  • Last Modified Date: 2023-02-13T02:20:19
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
| --- | --- | --- | --- | --- |
| cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* | 1 | OR | | 3.0.37 |
| cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* | 1 | OR | 3.2.0 | 3.2.15 |
| cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* | 1 | OR | 3.3.0 | 3.3.8 |
| cpe:2.3:a:samba:samba:3.4.0:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:samba:samba:3.4.1:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* | 1 | OR | | |
| cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* | 1 | OR | | |
CVSS Version 2
  • Version: 2.0
  • Vector String: AV:N/AC:L/Au:S/C:N/I:N/A:P
  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
  • Base Score: 4
  • Severity: MEDIUM
  • Exploitability Score: 8
  • Impact Score: 2.9
References
| Reference URL | Reference Tags |
| --- | --- |
| http://secunia.com/advisories/36893 | Vendor Advisory |
| http://secunia.com/advisories/36918 | Vendor Advisory |
| http://secunia.com/advisories/36937 | Vendor Advisory |
| http://samba.org/samba/security/CVE-2009-2906.html | Vendor Advisory |
| http://www.securitytracker.com/id?1022976 | |
| http://www.securityfocus.com/bid/36573 | Patch |
| https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html | Patch |
| http://osvdb.org/58519 | |
| http://www.vupen.com/english/advisories/2009/2810 | Patch, Vendor Advisory |
| http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439 | Patch |
| https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html | Patch |
| http://secunia.com/advisories/36953 | Vendor Advisory |
| http://www.ubuntu.com/usn/USN-839-1 | Patch |
| http://news.samba.org/releases/3.0.37/ | |
| http://news.samba.org/releases/3.2.15/ | |
| http://news.samba.org/releases/3.4.2/ | |
| http://news.samba.org/releases/3.3.8/ | |
| http://wiki.rpath.com/Advisories:rPSA-2009-0145 | |
| http://secunia.com/advisories/37428 | |
| http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html | |
| http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html | |
| http://support.apple.com/kb/HT4077 | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/53575 | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9944 | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7090 | |
| http://www.securityfocus.com/archive/1/507856/100/0/threaded | |
History
| Created | Old Value | New Value | Data Type | Notes |
| --- | --- | --- | --- | --- |
| 2022-05-10 18:02:26 | | | | Added to TrackCVE |
| 2023-02-02 19:02:35 | | 2023-02-02T17:16:37 | CVE Modified Date | updated |
| 2023-02-02 19:02:35 | Analyzed | Modified | Vulnerability Status | updated |
| 2023-02-02 19:02:36 | smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet. | CVE-2009-2906 samba: infinite loop flaw in smbd on unexpected oplock break notification reply | Description | updated |
| 2023-02-13 03:03:13 | | 2023-02-13T02:20:19 | CVE Modified Date | updated |
| 2023-02-13 03:03:13 | CVE-2009-2906 samba: infinite loop flaw in smbd on unexpected oplock break notification reply | smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet. | Description | updated |