Max connections vulnerability?
Mike Gagnon
mikegagnon at gmail.com
Tue Mar 30 20:14:27 MDT 2010
Prior to Samba 3.0.23, Samba was vulnerable to a DoS because an
unbounded number of connections could be opened (see reference below).
This vulnerability was fixed in 3.0.23 by limiting the maximum number
of connections to 2047. However, in modern versions of Samba the
maximum number of connections is user-configurable--and defaults to
infinity. Is the default configuration of modern Samba versions
vulnerable to this attack? Or, is the system invulnerable to this
attack via some other mechanism?
Reference: http://www.derkeiler.com/Mailing-Lists/Securiteam/2006-07/msg00023.html
Thank you very much,
Michael Gagnon