CVE - CVE-2007-0452

CVE-ID
CVE-2007-0452	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1017587 URL:http://securitytracker.com/id?1017587 MISC:200588 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1~~ (Obsolete source) MISC:2007-0007 URL:~~http://www.trustix.org/errata/2007/0007~~ (Obsolete source - check if archived by the Wayback Machine) MISC:20070201-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc MISC:20070205 [SAMBA-SECURITY] CVE-2007-0452: Potential DoS against smbd in Samba 3.0.6 - 3.0.23d URL:http://www.securityfocus.com/archive/1/459167/100/0/threaded MISC:20070207 rPSA-2007-0026-1 samba samba-swat URL:http://www.securityfocus.com/archive/1/459365/100/0/threaded MISC:2219 URL:http://securityreason.com/securityalert/2219 MISC:22395 URL:http://www.securityfocus.com/bid/22395 MISC:24021 URL:http://secunia.com/advisories/24021 MISC:24030 URL:http://secunia.com/advisories/24030 MISC:24046 URL:http://secunia.com/advisories/24046 MISC:24060 URL:http://secunia.com/advisories/24060 MISC:24067 URL:http://secunia.com/advisories/24067 MISC:24076 URL:http://secunia.com/advisories/24076 MISC:24101 URL:http://secunia.com/advisories/24101 MISC:24140 URL:http://secunia.com/advisories/24140 MISC:24145 URL:http://secunia.com/advisories/24145 MISC:24151 URL:http://secunia.com/advisories/24151 MISC:24188 URL:http://secunia.com/advisories/24188 MISC:24284 URL:http://secunia.com/advisories/24284 MISC:24792 URL:http://secunia.com/advisories/24792 MISC:33100 URL:~~http://osvdb.org/33100~~ (Obsolete source) MISC:ADV-2007-0483 URL:~~http://www.vupen.com/english/advisories/2007/0483~~ (Obsolete source) MISC:ADV-2007-1278 URL:~~http://www.vupen.com/english/advisories/2007/1278~~ (Obsolete source) MISC:DSA-1257 URL:http://www.debian.org/security/2007/dsa-1257 MISC:FEDORA-2007-219 URL:http://fedoranews.org/cms/node/2579 MISC:FEDORA-2007-220 URL:http://fedoranews.org/cms/node/2580 MISC:GLSA-200702-01 URL:http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml MISC:HPSBUX02204 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00943462 MISC:MDKSA-2007:034 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:034~~ (Obsolete source) MISC:RHSA-2007:0060 URL:http://www.redhat.com/support/errata/RHSA-2007-0060.html MISC:RHSA-2007:0061 URL:http://www.redhat.com/support/errata/RHSA-2007-0061.html MISC:SSA:2007-038-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916 MISC:SSRT071341 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00943462 MISC:SUSE-SA:2007:016 URL:http://lists.suse.com/archive/suse-security-announce/2007-Feb/0002.html MISC:USN-419-1 URL:http://www.ubuntu.com/usn/usn-419-1 MISC:http://us1.samba.org/samba/security/CVE-2007-0452.html URL:http://us1.samba.org/samba/security/CVE-2007-0452.html MISC:https://issues.rpath.com/browse/RPL-1005 URL:https://issues.rpath.com/browse/RPL-1005 MISC:oval:org.mitre.oval:def:9758 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9758 MISC:samba-smbd-filerename-dos(32301) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/32301
Assigning CNA
Red Hat, Inc.
Date Record Created
20070123	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070123)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)