Launchpad CVE tracker

CVE 2017-9461

smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.

Related bugs and status

CVE-2017-9461 (Candidate) is related to these bugs:

Bug #1701073: CVE-2017-2619 regression breaks symlinks to directories

		In	Importance	Status
1701073	CVE-2017-2619 regression breaks symlinks to directories	samba (Ubuntu)	High	Fix Released
1701073	CVE-2017-2619 regression breaks symlinks to directories	samba	Unknown	Unknown
1701073	CVE-2017-2619 regression breaks symlinks to directories	samba (Ubuntu Xenial)	High	Fix Released
1701073	CVE-2017-2619 regression breaks symlinks to directories	samba (Ubuntu Yakkety)	High	Fix Released
1701073	CVE-2017-2619 regression breaks symlinks to directories	samba (Ubuntu Zesty)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugs.debian.or...
CONFIRM: https://bugzilla.samba...
CONFIRM: https://git.samba.org/...
BID: 99455
REDHAT: RHSA-2017:2778
REDHAT: RHSA-2017:1950
REDHAT: RHSA-2017:2338
MLIST: [debian-lts-announce] ...

Launchpad.net

CVE 2017-9461

Related bugs and status

Related bugs

References