Max connections vulnerability?

Volker Lendecke Volker.Lendecke at SerNet.DE
Sun May 2 04:19:59 MDT 2010


On Tue, Mar 30, 2010 at 10:14:27PM -0400, Mike Gagnon wrote:
> Prior to Samba 3.0.23, Samba was vulnerable to a DOS because an
> unbounded number of connections could be opened (see reference below).
>  This vulnerability was fixed in 3.0.23 by limiting the maximum number
> of connections to 2047.  However, in modern versions of Samba the
> maximum number of connections is user-configurable--and defaults to
> infinity.  Is the default configuration of modern Samba versions
> vulnerable to this attack? Or, is the system invulnerable to this
> attack via some other mechanism?
> 
> Reference: http://www.derkeiler.com/Mailing-Lists/Securiteam/2006-07/msg00023.html

Those two are slightly different things. Prior versions had
been vulnerable to an attack where you could very easily
make a single smbd use arbitrary amounts of memory by
issuing so-called Tree Connect requests. This has been
fixed. The "max connections" parameter controls how many
overall smbds can connect to a share. This is indeed
unlimited by default, but you need to use multiple smbds to
exploit this. If you want to limit the overall resource
usage, you need to put the "max connections" and "max smbd
processes" to low values. However, probably with
well-crafted requests it will still be possible to make smbd
use lots of RAM. You might want to look at the system
ulimits if you want to confine this.

Volker
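
Added example, not part of the original post: a small audit of an smb.conf for the two limits named in the reply above, "max connections" and "max smbd processes", both of which mean "no limit" when left at their default of 0. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample configuration, not taken from any real server.
SAMPLE_CONF = """\
[global]
    max smbd processes = 200

[public]
    path = /srv/public
    ; no "max connections" here, so the default of 0 (unlimited) applies

[projects]
    path = /srv/projects
    Max Connections = 50
"""

def _norm(name):
    # smb.conf parameter names ignore case and embedded whitespace.
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {normalised_param: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[_norm(key)] = value.strip()
    return sections

def unlimited_settings(text):
    """List (section, parameter) pairs that are left at 0, i.e. unlimited."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []
    if int(glob.get("maxsmbdprocesses", 0)) == 0:
        findings.append(("global", "max smbd processes"))
    for name, params in conf.items():
        # A share inherits "max connections" from [global] when it sets none.
        limit = params.get("maxconnections", glob.get("maxconnections", 0))
        if name != "global" and int(limit) == 0:
            findings.append((name, "max connections"))
    return findings
```

Calling unlimited_settings(SAMPLE_CONF) reports the [public] share, which has no connection cap of its own and inherits none from [global].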