Vulnerability Details CVE-2006-3403
The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.298
EPSS Ranking 96.3%
CVSS Severity
CVSS v2 Score 5.0
References
- ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
- http://docs.info.apple.com/article.html?artnum=304829
- http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
- http://secunia.com/advisories/20980
- http://secunia.com/advisories/20983
- http://secunia.com/advisories/21018
- http://secunia.com/advisories/21019
- http://secunia.com/advisories/21046
- http://secunia.com/advisories/21086
- http://secunia.com/advisories/21143
- http://secunia.com/advisories/21159
- http://secunia.com/advisories/21187
- http://secunia.com/advisories/21190
- http://secunia.com/advisories/21262
- http://secunia.com/advisories/22875
- http://secunia.com/advisories/23155
- http://security.gentoo.org/glsa/glsa-200607-10.xml
- http://securitydot.net/xpl/exploits/vulnerabilities/articles/1175/exploit.html
- http://securitytracker.com/id?1016459
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.416876
- http://www.debian.org/security/2006/dsa-1110
- http://www.kb.cert.org/vuls/id/313836
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:120
- http://www.novell.com/linux/security/advisories/2006_17_sr.html
- http://www.redhat.com/support/errata/RHSA-2006-0591.html
- http://www.samba.org/samba/security/CAN-2006-3403.html
- http://www.securityfocus.com/archive/1/439757/100/0/threaded
- http://www.securityfocus.com/archive/1/439875/100/0/threaded
- http://www.securityfocus.com/archive/1/439880/100/100/threaded
- http://www.securityfocus.com/archive/1/440767/100/0/threaded
- http://www.securityfocus.com/archive/1/440836/100/0/threaded
- http://www.securityfocus.com/archive/1/448957/100/0/threaded
- http://www.securityfocus.com/archive/1/448957/100/0/threaded
- http://www.securityfocus.com/archive/1/451404/100/0/threaded
- http://www.securityfocus.com/archive/1/451417/100/200/threaded
- http://www.securityfocus.com/archive/1/451426/100/200/threaded
- http://www.securityfocus.com/bid/18927
- http://www.ubuntu.com/usn/usn-314-1
- http://www.us-cert.gov/cas/techalerts/TA06-333A.html
- http://www.vmware.com/download/esx/esx-202-200610-patch.html
- http://www.vmware.com/download/esx/esx-213-200610-patch.html
- http://www.vupen.com/english/advisories/2006/2745
- http://www.vupen.com/english/advisories/2006/4502
- http://www.vupen.com/english/advisories/2006/4750
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27648
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11355
- ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
- http://docs.info.apple.com/article.html?artnum=304829
- http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
- http://secunia.com/advisories/20980
- http://secunia.com/advisories/20983
- http://secunia.com/advisories/21018
- http://secunia.com/advisories/21019
- http://secunia.com/advisories/21046
- http://secunia.com/advisories/21086
- http://secunia.com/advisories/21143
- http://secunia.com/advisories/21159
- http://secunia.com/advisories/21187
- http://secunia.com/advisories/21190
- http://secunia.com/advisories/21262
- http://secunia.com/advisories/22875
- http://secunia.com/advisories/23155
- http://security.gentoo.org/glsa/glsa-200607-10.xml
- http://securitydot.net/xpl/exploits/vulnerabilities/articles/1175/exploit.html
- http://securitytracker.com/id?1016459
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.416876
- http://www.debian.org/security/2006/dsa-1110
- http://www.kb.cert.org/vuls/id/313836
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:120
- http://www.novell.com/linux/security/advisories/2006_17_sr.html
- http://www.redhat.com/support/errata/RHSA-2006-0591.html
- http://www.samba.org/samba/security/CAN-2006-3403.html
- http://www.securityfocus.com/archive/1/439757/100/0/threaded
- http://www.securityfocus.com/archive/1/439875/100/0/threaded
- http://www.securityfocus.com/archive/1/439880/100/100/threaded
- http://www.securityfocus.com/archive/1/440767/100/0/threaded
- http://www.securityfocus.com/archive/1/440836/100/0/threaded
- http://www.securityfocus.com/archive/1/448957/100/0/threaded
- http://www.securityfocus.com/archive/1/448957/100/0/threaded
- http://www.securityfocus.com/archive/1/451404/100/0/threaded
- http://www.securityfocus.com/archive/1/451417/100/200/threaded
- http://www.securityfocus.com/archive/1/451426/100/200/threaded
- http://www.securityfocus.com/bid/18927
- http://www.ubuntu.com/usn/usn-314-1
- http://www.us-cert.gov/cas/techalerts/TA06-333A.html
- http://www.vmware.com/download/esx/esx-202-200610-patch.html
- http://www.vmware.com/download/esx/esx-213-200610-patch.html
- http://www.vupen.com/english/advisories/2006/2745
- http://www.vupen.com/english/advisories/2006/4502
- http://www.vupen.com/english/advisories/2006/4750
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27648
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11355
Products affected by CVE-2006-3403
-
cpe:2.3:a:samba:samba:3.0.1
-
cpe:2.3:a:samba:samba:3.0.10
-
cpe:2.3:a:samba:samba:3.0.11
-
cpe:2.3:a:samba:samba:3.0.12
-
cpe:2.3:a:samba:samba:3.0.13
-
cpe:2.3:a:samba:samba:3.0.14
-
cpe:2.3:a:samba:samba:3.0.14a
-
cpe:2.3:a:samba:samba:3.0.15
-
cpe:2.3:a:samba:samba:3.0.16
-
cpe:2.3:a:samba:samba:3.0.17
-
cpe:2.3:a:samba:samba:3.0.18
-
cpe:2.3:a:samba:samba:3.0.19
-
cpe:2.3:a:samba:samba:3.0.2
-
cpe:2.3:a:samba:samba:3.0.20a
-
cpe:2.3:a:samba:samba:3.0.20b
-
cpe:2.3:a:samba:samba:3.0.21
-
cpe:2.3:a:samba:samba:3.0.21a
-
cpe:2.3:a:samba:samba:3.0.21b
-
cpe:2.3:a:samba:samba:3.0.21c
-
cpe:2.3:a:samba:samba:3.0.22
-
cpe:2.3:a:samba:samba:3.0.3
-
cpe:2.3:a:samba:samba:3.0.4
-
cpe:2.3:a:samba:samba:3.0.5
-
cpe:2.3:a:samba:samba:3.0.6
-
cpe:2.3:a:samba:samba:3.0.7
-
cpe:2.3:a:samba:samba:3.0.8
-
cpe:2.3:a:samba:samba:3.0.9