CVE-2017-9461

high-risk
Published 2017-06-06

smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.

Do I need to act?

~
3.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10 Medium
NETWORK / LOW complexity

Affected Products (17)

Affected Vendors

Redhat Samba Debian

References (16)

Third Party Advisory http://www.securityfocus.com/bid/99455
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:1950
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:2338
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:2778
Exploit https://bugs.debian.org/864291
Exploit https://bugzilla.samba.org/show_bug.cgi?id=12572
https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=10c3e3923022485c720f322ca4f0ac...
Third Party Advisory https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html
Third Party Advisory http://www.securityfocus.com/bid/99455
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:1950
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:2338
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:2778
Exploit https://bugs.debian.org/864291
Exploit https://bugzilla.samba.org/show_bug.cgi?id=12572
https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=10c3e3923022485c720f322ca4f0ac...
Third Party Advisory https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html
50
/ 100
high-risk
Severity 24/34 · High
Exploitability 7/34 · Low
Exposure 19/34 · Moderate