CVE-2007-0452
samba
EPSS 2.3%
Description
smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop.
How to fix CVE-2007-0452
To remediate CVE-2007-0452, upgrade the affected package to a fixed version below.
- Debian/samba: upgrade to 3.0.23d-5 or later
- Debian/samba: upgrade to 3.0.14a-3sarge4 or later
- Debian/samba: upgrade to 3.0.14a-3sarge4 or later
Is CVE-2007-0452 being exploited?
Low — EPSS is 2.3%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 3.0.23d-5
- from 0, < 3.0.14a-3sarge4
- from 0, < 3.0.14a-3sarge4