CVE-2006-3403

VMware Security Advisory 2006-0007

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests.

El demonio smdb (smbd/service.c) en Samba versiones 3.0.1 hasta la 3.0.22, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de un gran número de peticiones de conexión compartida.

The Samba security team reported a Denial of Service vulnerability in the handling of information about active connections. In certain circumstances an attacker could continually increase the memory usage of the smbd process by issuing a large number of share connection requests. By draining all available memory, this could be exploited to render the remote Samba server unusable.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-07-06 CVE Reserved
2006-07-12 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (47)

URL	Tag	Source
http://docs.info.apple.com/article.html?artnum=304829	X_refsource_confirm
http://secunia.com/advisories/21018	Third Party Advisory
http://secunia.com/advisories/21019	Third Party Advisory
http://secunia.com/advisories/21046	Third Party Advisory
http://secunia.com/advisories/21086	Third Party Advisory
http://secunia.com/advisories/21143	Third Party Advisory
http://secunia.com/advisories/21159	Third Party Advisory
http://secunia.com/advisories/21187	Third Party Advisory
http://secunia.com/advisories/21190	Third Party Advisory
http://secunia.com/advisories/21262	Third Party Advisory
http://secunia.com/advisories/22875	Third Party Advisory
http://secunia.com/advisories/23155	Third Party Advisory
http://securitydot.net/xpl/exploits/vulnerabilities/articles/1175/exploit.html	X_refsource_misc
http://securitytracker.com/id?1016459	Vdb Entry
http://www.kb.cert.org/vuls/id/313836	Third Party Advisory
http://www.securityfocus.com/archive/1/439757/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/439875/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/439880/100/100/threaded	Mailing List
http://www.securityfocus.com/archive/1/440767/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/440836/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/451404/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/451417/100/200/threaded	Mailing List
http://www.securityfocus.com/archive/1/451426/100/200/threaded	Mailing List
http://www.us-cert.gov/cas/techalerts/TA06-333A.html	Third Party Advisory
http://www.vmware.com/download/esx/esx-202-200610-patch.html	X_refsource_confirm
http://www.vmware.com/download/esx/esx-213-200610-patch.html	X_refsource_confirm
http://www.vupen.com/english/advisories/2006/2745	Vdb Entry
http://www.vupen.com/english/advisories/2006/4502	Vdb Entry
http://www.vupen.com/english/advisories/2006/4750	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/27648	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11355	Signature

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/20980	2018-10-18
http://secunia.com/advisories/20983	2018-10-18
http://www.samba.org/samba/security/CAN-2006-3403.html	2018-10-18
http://www.securityfocus.com/bid/18927	2018-10-18

URL	Date	SRC
ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc	2018-10-18
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html	2018-10-18
http://security.gentoo.org/glsa/glsa-200607-10.xml	2018-10-18
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.416876	2018-10-18
http://www.debian.org/security/2006/dsa-1110	2018-10-18
http://www.mandriva.com/security/advisories?name=MDKSA-2006:120	2018-10-18
http://www.novell.com/linux/security/advisories/2006_17_sr.html	2018-10-18
http://www.redhat.com/support/errata/RHSA-2006-0591.html	2018-10-18
http://www.securityfocus.com/archive/1/448957/100/0/threaded	2018-10-18
http://www.ubuntu.com/usn/usn-314-1	2018-10-18
https://access.redhat.com/security/cve/CVE-2006-3403	2006-07-25
https://bugzilla.redhat.com/show_bug.cgi?id=1618140	2006-07-25

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.1 Search vendor "Samba" for product "Samba" and version "3.0.1"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.2 Search vendor "Samba" for product "Samba" and version "3.0.2"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.3 Search vendor "Samba" for product "Samba" and version "3.0.3"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.4 Search vendor "Samba" for product "Samba" and version "3.0.4"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.5 Search vendor "Samba" for product "Samba" and version "3.0.5"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.6 Search vendor "Samba" for product "Samba" and version "3.0.6"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.7 Search vendor "Samba" for product "Samba" and version "3.0.7"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.8 Search vendor "Samba" for product "Samba" and version "3.0.8"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.9 Search vendor "Samba" for product "Samba" and version "3.0.9"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.10 Search vendor "Samba" for product "Samba" and version "3.0.10"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.11 Search vendor "Samba" for product "Samba" and version "3.0.11"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.12 Search vendor "Samba" for product "Samba" and version "3.0.12"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.13 Search vendor "Samba" for product "Samba" and version "3.0.13"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.14 Search vendor "Samba" for product "Samba" and version "3.0.14"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.14a Search vendor "Samba" for product "Samba" and version "3.0.14a"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.15 Search vendor "Samba" for product "Samba" and version "3.0.15"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.16 Search vendor "Samba" for product "Samba" and version "3.0.16"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.17 Search vendor "Samba" for product "Samba" and version "3.0.17"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.18 Search vendor "Samba" for product "Samba" and version "3.0.18"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.19 Search vendor "Samba" for product "Samba" and version "3.0.19"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.20a Search vendor "Samba" for product "Samba" and version "3.0.20a"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.20b Search vendor "Samba" for product "Samba" and version "3.0.20b"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.21 Search vendor "Samba" for product "Samba" and version "3.0.21"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.21a Search vendor "Samba" for product "Samba" and version "3.0.21a"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.21b Search vendor "Samba" for product "Samba" and version "3.0.21b"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.21c Search vendor "Samba" for product "Samba" and version "3.0.21c"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.22 Search vendor "Samba" for product "Samba" and version "3.0.22"		-		Affected