CVE-2017-9461

Published: Jun 6, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.

Affected (17)

Products: Samba: Samba · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server Eus, Enterprise Linux Server Tus, Enterprise Linux Workstation · Debian: Debian Linux

1 product

6 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Server Tus

Enterprise Linux Workstation

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Samba Samba	Up to 4.4.9
Samba Samba	Version 4.5.0
Samba Samba	Version 4.5.1
Samba Samba	Version 4.5.2
Samba Samba	Version 4.5.3
Samba Samba	Version 4.5.4
Samba Samba	Version 4.5.5

Configuration B

9 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Aus	Version 7.4
Redhat Enterprise Linux Server Aus	Version 7.6
Redhat Enterprise Linux Server Eus	Version 7.4
Redhat Enterprise Linux Server Eus	Version 7.5
Redhat Enterprise Linux Server Eus	Version 7.6
Redhat Enterprise Linux Server Tus	Version 7.6
Redhat Enterprise Linux Workstation	Version 7.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Related CWEs

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (16)

http://www.securityfocus.com/bid/99455

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:1950

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:2338

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:2778

Source: cve@mitre.org

Third Party Advisory

https://bugs.debian.org/864291

Source: cve@mitre.org

ExploitIssue TrackingPatchThird Party Advisory

https://bugzilla.samba.org/show_bug.cgi?id=12572

Source: cve@mitre.org

ExploitIssue TrackingPatchThird Party AdvisoryVDB Entry

https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=10c3e3923022485c720f322ca4f0aca5d7501310

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/99455

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:1950

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:2338

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:2778

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugs.debian.org/864291

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

https://bugzilla.samba.org/show_bug.cgi?id=12572

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party AdvisoryVDB Entry

https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=10c3e3923022485c720f322ca4f0aca5d7501310

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.