CVE-2009-2906 — MEDIUM (4.0)

Q: How severe is CVE-2009-2906?

CVE-2009-2906 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-2906?

Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba, Canonical Ubuntu Linux.

Vulnerability Description

smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.

CVSS Score

4.0

MEDIUM

AV:N/AC:L/Au:S/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Samba	Samba	< 3.0.37
Canonical	Ubuntu Linux	6.06

Related Weaknesses (CWE)

CWE-835

References

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.htmlMailing ListThird Party Advisory
http://news.samba.org/releases/3.0.37/Vendor Advisory
http://news.samba.org/releases/3.2.15/Vendor Advisory
http://news.samba.org/releases/3.3.8/Vendor Advisory
http://news.samba.org/releases/3.4.2/Vendor Advisory
http://osvdb.org/58519Broken Link
http://samba.org/samba/security/CVE-2009-2906.htmlVendor Advisory
http://secunia.com/advisories/36893Vendor Advisory
http://secunia.com/advisories/36918Vendor Advisory
http://secunia.com/advisories/36937Vendor Advisory
http://secunia.com/advisories/36953Vendor Advisory
http://secunia.com/advisories/37428Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackwarePatchThird Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1Broken Link

FAQ

What is CVE-2009-2906?

CVE-2009-2906 is a vulnerability with a CVSS score of 4.0 (MEDIUM). smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock br...

How severe is CVE-2009-2906?

CVE-2009-2906 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-2906?

Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba, Canonical Ubuntu Linux.