[Pkg-samba-maint] Bug#864291: samba: Trivial DOS against servers running 4.2.14+dfsg-0+deb8u5 with Unix Extensions enabled
Alun Jones
auj at aber.ac.uk
Tue Jun 6 13:31:52 UTC 2017
Package: samba
Version: 2:4.2.14+dfsg-0+deb8u6
Severity: important
Tags: upstream
Dear Maintainer,

On the current stable version of Samba, it is trivially easy to cause instances
of the Samba daemon, smbd, to eat CPU and leak memory. By launching
multiple connections, this can be used to cause a DOS of the machine running
the Samba service.

The fault relates to the handling of dangling symbolic links and can
be triggered as follows:

1. Create a broken symbolic link with Unix extensions enabled:

   smbclient //server/share -c "posix; symlink nothing broken"

2. Try to write to the broken symbolic link with Unix extensions disabled:

   smbclient //server/share -c "put /etc/issue broken"

Step 2 results in an instance of smbd running a busy loop and leaking
memory *even after the client has disconnected*. By running step 2
multiple times, CPU and memory resources on the machine can be exhausted.

The issue was fixed in the upstream version of Samba in February this year
(the fix is in 4.5.6):

https://github.com/samba-team/samba/commit/10c3e3923022485c720f322ca4f0aca5d7501310

Given the severity of the issue and the trivial ease with which it can be
triggered, is there any chance of this fix being backported to the version of
Samba currently supported by Jessie?

Thanks,
Alun.

-- System Information:
Debian Release: 8.8
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/24 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages samba depends on:
ii adduser 3.113+nmu3
ii dpkg 1.17.27
ii libbsd0 0.7.0-2
ii libc6 2.19-18+deb8u9
ii libhdb9-heimdal [heimdal-hdb-api-8] 1.6~rc2+dfsg-9
ii libldb1 2:1.1.20-0+deb8u1
ii libpam-modules 1.1.8-3.1+deb8u2
ii libpam-runtime 1.1.8-3.1+deb8u2
ii libpopt0 1.16-10
ii libpython2.7 2.7.9-2+deb8u1
ii libtalloc2 2.1.2-0+deb8u1
ii libtdb1 1.3.6-0+deb8u1
ii libtevent0 0.9.28-0+deb8u1
ii lsb-base 4.1+Debian13+nmu1
ii multiarch-support 2.19-18+deb8u9
ii procps 2:3.3.9-9
ii python 2.7.9-1
ii python-dnspython 1.12.0-1
ii python-ntdb 1.0-5
ii python-samba 2:4.2.14+dfsg-0+deb8u6
pn python2.7:any <none>
ii samba-common 2:4.2.14+dfsg-0+deb8u6
ii samba-common-bin 2:4.2.14+dfsg-0+deb8u6
ii samba-dsdb-modules 2:4.2.14+dfsg-0+deb8u6
ii samba-libs 2:4.2.14+dfsg-0+deb8u6
ii tdb-tools 1.3.6-0+deb8u1
ii update-inetd 4.43
Versions of packages samba recommends:
ii attr 1:2.4.47-2
ii logrotate 3.8.7-1+b1
ii samba-vfs-modules 2:4.2.14+dfsg-0+deb8u6
Versions of packages samba suggests:
pn bind9 <none>
pn bind9utils <none>
pn ctdb <none>
pn ldb-tools <none>
ii ntp 1:4.2.6.p5+dfsg-7+deb8u2
pn smbldap-tools <none>
pn winbind <none>
-- debconf information:
samba/run_mode: daemons
samba-common/title:
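
The report names two preconditions: a dangling symlink inside the share, and Unix extensions enabled so that a client can create one. Both can be audited on the server until a fixed package is installed. The script below is an added example, not part of the original bug report or of Samba; its function names, and the choice to pass the smb.conf location and the share's on-disk path as arguments, are assumptions.

```shell
#!/bin/sh
# Added example, not from the bug report; function names are hypothetical.

# Print every dangling symlink under a share's on-disk path, one per line.
# "test -e" follows the link, so it fails exactly when the target is missing.
find_dangling_symlinks() {
    find "$1" -type l ! -exec test -e {} \; -print
}

# Exit 0 if [global] in the given smb.conf leaves "unix extensions" enabled.
# The parameter defaults to yes, so a config that never sets it is enabled.
unix_extensions_enabled() {
    awk '
        BEGIN { enabled = 1 }
        /^[ \t]*[#;]/ { next }                      # comment lines
        /^[ \t]*\[/ { sec = tolower($0); gsub(/[ \t\r]/, "", sec); next }
        sec == "[global]" && index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            val = tolower(substr($0, index($0, "=") + 1))
            gsub(/[ \t]/, "", key)                  # smb.conf ignores spaces in names
            gsub(/[ \t\r]/, "", val)
            if (key == "unixextensions")
                enabled = (val !~ /^(no|false|off|0)$/)
        }
        END { exit (enabled ? 0 : 1) }
    ' "$1"
}

# Report both preconditions for one share; returns 1 if dangling links exist.
audit_share() {
    if unix_extensions_enabled "$1"; then
        echo "unix extensions: enabled (clients can create symlinks)"
    else
        echo "unix extensions: disabled"
    fi
    links=$(find_dangling_symlinks "$2")
    [ -z "$links" ] && return 0
    printf '%s\n' "$links" | sed 's/^/dangling symlink: /'
    return 1
}

# Constructed demo: build a throwaway share and config, then audit them.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    ln -s nothing "$d/broken"                  # same kind of link as step 1
    printf '[global]\n  unix extensions = no\n' > "$d/smb.conf"
    audit_share "$d/smb.conf" "$d" || true
    rm -rf "$d"
fi
```

Run it as a user that can read the whole share tree; a link whose target exists but is unreadable to the caller is reported as dangling.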