Your message dated Thu, 31 Mar 2022 19:35:52 +0300
with message-id <[email protected]>
and subject line Bug#864291: samba: Trivial DOS against servers running 4.2.14+dfsg-0+deb8u5 with Unix Extensions enabled
has caused the Debian Bug report #864291,
regarding samba: CVE-2017-9461: infinite loop on bad-symlink resolution
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
864291: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864291
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: samba
Version: 2:4.2.14+dfsg-0+deb8u6
Severity: important
Tags: upstream

Dear Maintainer,

On the current stable version of Samba, it is trivially easy to cause
instances of the Samba daemon, smbd, to eat CPU and leak memory. By
launching multiple connections, this can be used to cause a DOS of the
machine running the Samba service.

The fault relates to the handling of dangling symbolic links and can be
triggered as follows:

1. Create a broken symbolic link with Unix extensions enabled:

   smbclient //server/share -c "posix; symlink nothing broken"

2. Try to write to the broken symbolic link with Unix extensions disabled:

   smbclient //server/share -c "put /etc/issue broken"

Step 2 results in an instance of smbd running a busy loop and leaking
memory *even after the client has disconnected*. By running step 2
multiple times, CPU and memory resources on the machine can be exhausted.

The issue was fixed in the upstream version of Samba in February this
year (the fix is in 4.5.6):

https://github.com/samba-team/samba/commit/10c3e3923022485c720f322ca4f0aca5d7501310

Given the severity of the issue and the trivial ease with which it can
be triggered, is there any chance of this fix being backported to the
version of Samba currently supported by Jessie?

Thanks,

Alun.
-- System Information:
Debian Release: 8.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/24 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages samba depends on:
ii adduser 3.113+nmu3
ii dpkg 1.17.27
ii libbsd0 0.7.0-2
ii libc6 2.19-18+deb8u9
ii libhdb9-heimdal [heimdal-hdb-api-8] 1.6~rc2+dfsg-9
ii libldb1 2:1.1.20-0+deb8u1
ii libpam-modules 1.1.8-3.1+deb8u2
ii libpam-runtime 1.1.8-3.1+deb8u2
ii libpopt0 1.16-10
ii libpython2.7 2.7.9-2+deb8u1
ii libtalloc2 2.1.2-0+deb8u1
ii libtdb1 1.3.6-0+deb8u1
ii libtevent0 0.9.28-0+deb8u1
ii lsb-base 4.1+Debian13+nmu1
ii multiarch-support 2.19-18+deb8u9
ii procps 2:3.3.9-9
ii python 2.7.9-1
ii python-dnspython 1.12.0-1
ii python-ntdb 1.0-5
ii python-samba 2:4.2.14+dfsg-0+deb8u6
pn python2.7:any <none>
ii samba-common 2:4.2.14+dfsg-0+deb8u6
ii samba-common-bin 2:4.2.14+dfsg-0+deb8u6
ii samba-dsdb-modules 2:4.2.14+dfsg-0+deb8u6
ii samba-libs 2:4.2.14+dfsg-0+deb8u6
ii tdb-tools 1.3.6-0+deb8u1
ii update-inetd 4.43

Versions of packages samba recommends:
ii attr 1:2.4.47-2
ii logrotate 3.8.7-1+b1
ii samba-vfs-modules 2:4.2.14+dfsg-0+deb8u6

Versions of packages samba suggests:
pn bind9 <none>
pn bind9utils <none>
pn ctdb <none>
pn ldb-tools <none>
ii ntp 1:4.2.6.p5+dfsg-7+deb8u2
pn smbldap-tools <none>
pn winbind <none>

-- debconf information:
  samba/run_mode: daemons
  samba-common/title:
--- End Message ---
--- Begin Message ---
This bug has been fixed a long time ago. I don't see why it should
still be listed as open. Closing it now.

/mjt
--- End Message ---

