CVE-2006-3403
First published: Wed Jul 12 2006(Updated: )
The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samba | =3.0.1 | |
| Samba | =3.0.2 | |
| Samba | =3.0.3 | |
| Samba | =3.0.4 | |
| Samba | =3.0.5 | |
| Samba | =3.0.6 | |
| Samba | =3.0.7 | |
| Samba | =3.0.8 | |
| Samba | =3.0.9 | |
| Samba | =3.0.10 | |
| Samba | =3.0.11 | |
| Samba | =3.0.12 | |
| Samba | =3.0.13 | |
| Samba | =3.0.14 | |
| Samba | =3.0.14a | |
| Samba | =3.0.15 | |
| Samba | =3.0.16 | |
| Samba | =3.0.17 | |
| Samba | =3.0.18 | |
| Samba | =3.0.19 | |
| Samba | =3.0.20a | |
| Samba | =3.0.20b | |
| Samba | =3.0.21 | |
| Samba | =3.0.21a | |
| Samba | =3.0.21b | |
| Samba | =3.0.21c | |
| Samba | =3.0.22 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.samba.org/samba/security/CAN-2006-3403.html
- http://www.securityfocus.com/bid/18927
- http://secunia.com/advisories/20980
- http://secunia.com/advisories/20983
- http://www.debian.org/security/2006/dsa-1110
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.416876
- http://www.ubuntu.com/usn/usn-314-1
- http://securitytracker.com/id?1016459
- http://secunia.com/advisories/21018
- http://secunia.com/advisories/21019
- http://secunia.com/advisories/21046
- http://secunia.com/advisories/21086
- http://securitydot.net/xpl/exploits/vulnerabilities/articles/1175/exploit.html
- http://www.kb.cert.org/vuls/id/313836
- http://secunia.com/advisories/21143
- http://security.gentoo.org/glsa/glsa-200607-10.xml
- http://www.redhat.com/support/errata/RHSA-2006-0591.html
- http://www.novell.com/linux/security/advisories/2006_17_sr.html
- http://secunia.com/advisories/21187
- http://secunia.com/advisories/21190
- http://secunia.com/advisories/21159
- http://secunia.com/advisories/21262
- http://www.vmware.com/download/esx/esx-202-200610-patch.html
- http://www.vmware.com/download/esx/esx-213-200610-patch.html
- http://secunia.com/advisories/22875
- http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
- http://www.us-cert.gov/cas/techalerts/TA06-333A.html
- http://secunia.com/advisories/23155
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:120
- http://www.vupen.com/english/advisories/2006/2745
- http://www.vupen.com/english/advisories/2006/4502
- http://www.vupen.com/english/advisories/2006/4750
- http://docs.info.apple.com/article.html?artnum=304829
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27648
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11355
- http://www.securityfocus.com/archive/1/451426/100/200/threaded
- http://www.securityfocus.com/archive/1/451417/100/200/threaded
- http://www.securityfocus.com/archive/1/451404/100/0/threaded
- http://www.securityfocus.com/archive/1/448957/100/0/threaded
- http://www.securityfocus.com/archive/1/440836/100/0/threaded
- http://www.securityfocus.com/archive/1/440767/100/0/threaded
- http://www.securityfocus.com/archive/1/439880/100/100/threaded
- http://www.securityfocus.com/archive/1/439875/100/0/threaded
- http://www.securityfocus.com/archive/1/439757/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-3403?
CVE-2006-3403 is considered a denial of service vulnerability that can cause memory consumption on affected Samba versions.
How do I fix CVE-2006-3403?
To fix CVE-2006-3403, upgrade to a patched version of Samba that is above 3.0.22.
Which Samba versions are affected by CVE-2006-3403?
CVE-2006-3403 affects Samba versions from 3.0.1 to 3.0.22.
What type of attack does CVE-2006-3403 facilitate?
CVE-2006-3403 allows remote attackers to exhaust system memory through numerous share connection requests.
Is there a known exploit for CVE-2006-3403?
While there may not be a publicly available exploit, the vulnerability does pose a significant risk of denial of service.
- agent/references
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/samba
- canonical/samba
- version/samba/3.0.1
- version/samba/3.0.2
- version/samba/3.0.3
- version/samba/3.0.4
- version/samba/3.0.5
- version/samba/3.0.6
- version/samba/3.0.7
- version/samba/3.0.8
- version/samba/3.0.9
- version/samba/3.0.10
- version/samba/3.0.11
- version/samba/3.0.12
- version/samba/3.0.13
- version/samba/3.0.14
- version/samba/3.0.14a
- version/samba/3.0.15
- version/samba/3.0.16
- version/samba/3.0.17
- version/samba/3.0.18
- version/samba/3.0.19
- version/samba/3.0.20a
- version/samba/3.0.20b
- version/samba/3.0.21
- version/samba/3.0.21a
- version/samba/3.0.21b
- version/samba/3.0.21c
- version/samba/3.0.22