===========================================================
== Subject:     Memory leak/Denial of service.
==
== CVE ID#:     CVE-2012-0817
==
== Versions:    Samba 3.6.0 - 3.6.2 (inclusive)
==
== Summary:     The Samba File Serving daemon (smbd) in Samba versions
==              3.6.0 to 3.6.2 is affected by a memory leak that can
==              cause a server denial of service.
==
==
===========================================================

===========
Description
===========

Samba versions 3.6.0 to 3.6.2 inclusive are vulnerable to a memory
leak that can cause a server denial of service.

The Samba smbd daemon that listens for incoming connections leaks a
small amount of memory on every connection attempt. Although this is
a small leak, it happens on every connection even without successful
authentication. Thus an attacker can simply loop making connection
requests and cause the listening daemon to ever increase in size.
Eventually the server process will grow enough to either cause memory
allocations in other processes to fail, or be killed by the system as
part of its out of memory protection. Either way, denial of service
would be achieved.

The symptom that caused this issue to be discovered was extreme CPU
use on an affected system. This was caused by the child processes
that were forked from the parent attempting to free the leaked memory.

==========
Workaround
==========

None.

==================
Patch Availability
==================

A patch addressing this defect has been posted to

  http://www.samba.org/samba/security/

Additionally, Samba 3.6.3 has been issued as a security release to
correct the defect. Samba administrators running affected versions
are advised to upgrade to 3.6.3 or apply the patch as soon as
possible.

=======
Credits
=======

The vulnerability was discovered and reported to the Samba Team by
Youzhong Yang and Ira Cooper of MathWorks. Patches were written and
tested by Ira Cooper of MathWorks and Jeremy Allison of the Samba Team.
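
The following is an added example, not part of the Samba advisory or
the Samba code base: a check an administrator could run for the
affected range given under Versions and for the symptom given under
Description (a listening smbd whose resident memory only ever grows).
It assumes a version banner such as the one printed by "smbd -V", a
Linux /proc filesystem, and illustrative thresholds; all function
names are hypothetical.

```python
import re

# Affected range as stated in the advisory: 3.6.0 - 3.6.2 inclusive (fixed in 3.6.3).
AFFECTED_MIN = (3, 6, 0)
AFFECTED_MAX = (3, 6, 2)


def parse_version(banner):
    """Extract (major, minor, patch) from text such as 'Version 3.6.2-Debian'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no x.y.z version found in %r" % banner)
    return tuple(int(part) for part in m.groups())


def is_affected(banner):
    """True when the banner's upstream version falls inside the affected range."""
    return AFFECTED_MIN <= parse_version(banner) <= AFFECTED_MAX


def read_rss_kb(pid):
    """Resident set size of a process in kB from /proc, or None if unavailable."""
    try:
        with open("/proc/%d/status" % pid) as fh:
            for line in fh:
                if line.startswith("VmRSS:"):
                    return int(line.split()[1])
    except OSError:
        return None
    return None


def leak_suspected(samples, min_growth_kb=1024, max_dips=0):
    """samples: RSS readings (kB) of the listening smbd, oldest first.

    Memory leaked on every connection is never returned, so the signal is
    sustained growth with no dips. Both thresholds are assumed values;
    tune them to the sampling interval and the server's connection rate.
    """
    if len(samples) < 3:
        return False  # too few readings to call a trend
    dips = sum(1 for a, b in zip(samples, samples[1:]) if b < a)
    return dips <= max_dips and samples[-1] - samples[0] >= min_growth_kb


if __name__ == "__main__":
    constructed = [20000, 20400, 20900, 21500]  # constructed readings, not real data
    print(is_affected("Version 3.6.2"), leak_suspected(constructed))
```

A distribution package may carry the patch while still reporting a
version inside the affected range, so a positive version match should
be confirmed against the vendor's changelog.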