{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-06-06T00:00:00", "descriptions": [{"lang": "en", "value": "smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-09T22:06:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "99455", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99455"}, {"name": "RHSA-2017:2778", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2778"}, {"name": "RHSA-2017:1950", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1950"}, {"name": "RHSA-2017:2338", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2338"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=10c3e3923022485c720f322ca4f0aca5d7501310"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.samba.org/show_bug.cgi?id=12572"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.debian.org/864291"}, {"name": "[debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9461", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "99455", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99455"}, {"name": "RHSA-2017:2778", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2778"}, {"name": "RHSA-2017:1950", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1950"}, {"name": "RHSA-2017:2338", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2338"}, {"name": "https://git.samba.org/?p=samba.git;a=commit;h=10c3e3923022485c720f322ca4f0aca5d7501310", "refsource": "CONFIRM", "url": "https://git.samba.org/?p=samba.git;a=commit;h=10c3e3923022485c720f322ca4f0aca5d7501310"}, {"name": "https://bugzilla.samba.org/show_bug.cgi?id=12572", "refsource": "CONFIRM", "url": "https://bugzilla.samba.org/show_bug.cgi?id=12572"}, {"name": "https://bugs.debian.org/864291", "refsource": "CONFIRM", "url": "https://bugs.debian.org/864291"}, {"name": "[debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:11:01.276Z"}, "title": "CVE Program Container", "references": [{"name": "99455", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/99455"}, {"name": "RHSA-2017:2778", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2778"}, {"name": "RHSA-2017:1950", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1950"}, {"name": "RHSA-2017:2338", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2338"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=10c3e3923022485c720f322ca4f0aca5d7501310"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.samba.org/show_bug.cgi?id=12572"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.debian.org/864291"}, {"name": "[debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9461", "datePublished": "2017-06-06T21:00:00", "dateReserved": "2017-06-06T00:00:00", "dateUpdated": "2024-08-05T17:11:01.276Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCA1676B-E93D-4B1B-87EB-5E9A3F38C13A", "versionEndIncluding": "4.4.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8400346B-095A-4022-A454-1E0782B66357", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E0F44626-3477-4804-88D7-847DEC41AA2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "C992A5CB-44AF-4F93-934B-D6995886B2D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "0ACE5BE1-B4A8-4B91-AC51-146C82AB8E44", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "29627C2E-FA74-4908-9AFC-6721AD841CC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "D1612767-5F6E-450C-ADC0-75612C7B5B5A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks."}, {"lang": "es", "value": "smbd en Samba versiones anteriores a 4.4.10 y 4.5.x versiones anteriores a 4.5.6, tienen una vulnerabilidad de denegaci\u00f3n de servicio (fd_open_atomic infinite loop con un alto uso de CPU y consumo de memoria) debido a un manejo inadecuado de los enlaces simb\u00f3licos colgantes."}], "id": "CVE-2017-9461", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-06T21:29:00.313", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99455"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1950"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2338"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2778"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugs.debian.org/864291"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry"], "url": "https://bugzilla.samba.org/show_bug.cgi?id=12572"}, {"source": "cve@mitre.org", "url": "https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=10c3e3923022485c720f322ca4f0aca5d7501310"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99455"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1950"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2338"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2778"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugs.debian.org/864291"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry"], "url": "https://bugzilla.samba.org/show_bug.cgi?id=12572"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=10c3e3923022485c720f322ca4f0aca5d7501310"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2017:1950", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "samba-0:4.6.2-8.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:2338", "cpe": "cpe:/a:redhat:storage:3.2:samba:el7", "package": "samba-0:4.6.3-4.el7rhgs", "product_name": "Red Hat Gluster Storage 3.2 for RHEL 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:2778", "cpe": "cpe:/a:redhat:storage:3.3:samba:el6", "package": "libldb-0:1.1.29-1.el6rhs", "product_name": "Red Hat Gluster Storage 3.3 for RHEL 6", "release_date": "2017-09-21T00:00:00Z"}, {"advisory": "RHSA-2017:2778", "cpe": "cpe:/a:redhat:storage:3.3:samba:el6", "package": "libtalloc-0:2.1.9-1.el6rhs", "product_name": "Red Hat Gluster Storage 3.3 for RHEL 6", "release_date": "2017-09-21T00:00:00Z"}, {"advisory": "RHSA-2017:2778", "cpe": "cpe:/a:redhat:storage:3.3:samba:el6", "package": "libtdb-0:1.3.12-1.1.el6rhs", "product_name": "Red Hat Gluster Storage 3.3 for RHEL 6", "release_date": "2017-09-21T00:00:00Z"}, {"advisory": "RHSA-2017:2778", "cpe": "cpe:/a:redhat:storage:3.3:samba:el6", "package": "libtevent-0:0.9.31-1.el6rhs", "product_name": "Red Hat Gluster Storage 3.3 for RHEL 6", "release_date": "2017-09-21T00:00:00Z"}, {"advisory": "RHSA-2017:2778", "cpe": "cpe:/a:redhat:storage:3.3:samba:el6", "package": "samba-0:4.6.3-5.el6rhs", "product_name": "Red Hat Gluster Storage 3.3 for RHEL 6", "release_date": "2017-09-21T00:00:00Z"}], "bugzilla": {"description": "samba: fd_open_atomic infinite loop due to wrong handling of dangling symlinks", "id": "1459464", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459464"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-835", "details": ["smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.", "A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory."], "name": "CVE-2017-9461", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "samba3x", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "samba4", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2017-02-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-9461\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9461"], "threat_severity": "Low"}