CVE-1999-0103
published 1996-02-08CVE-1999-0103: Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm.
PriorityP425medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
14.63%
96.2th percentile
Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm.
Affected
35 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | krb5 | < krb5 1.10.1+dfsg-6 (bookworm) | krb5 1.10.1+dfsg-6 (bookworm) |
| debian | samba | < samba 2:4.1.8+dfsg-1 (bookworm) | samba 2:4.1.8+dfsg-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| mit | kerberos_5 | < 1.11.3 | 1.11.3 |
| mit | krb5 | >= 0 < 1.10.1+dfsg-6 | 1.10.1+dfsg-6 |
| mit | krb5 | >= 0 < 1.10.1+dfsg-6 | 1.10.1+dfsg-6 |
| mit | krb5 | >= 0 < 1.10.1+dfsg-6 | 1.10.1+dfsg-6 |
| mit | krb5 | >= 0 < 1.10.1+dfsg-6 | 1.10.1+dfsg-6 |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_server | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0MEDIUM
vendor_redhat5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
samba: potential DoS in the internal DNS server
vendor_redhat·2014-05-28·CVSS 5.0
CVE-2014-0239 [MEDIUM] samba: potential DoS in the internal DNS server
samba: potential DoS in the internal DNS server
The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103.
Statement: Not vulnerable. This issue does not affect the version of samba as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of samba3x as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of samba4 as shipped with Red Hat Enterprise Linux 6.
Package: samba (Red Hat Enterprise Linux 4) - Not affected
Package: samba (Red Hat Enterpri
Debian
CVE-2014-0239: samba - The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field i...
vendor_debian·2014·CVSS 5.0
CVE-2014-0239 [MEDIUM] CVE-2014-0239: samba - The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field i...
The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103.
Scope: local
bookworm: resolved (fixed in 2:4.1.8+dfsg-1)
bullseye: resolved (fixed in 2:4.1.8+dfsg-1)
forky: resolved (fixed in 2:4.1.8+dfsg-1)
sid: resolved (fixed in 2:4.1.8+dfsg-1)
trixie: resolved (fixed in 2:4.1.8+dfsg-1)
Red Hat
krb5: UDP ping-pong flaw in kpasswd
vendor_redhat·2002-06-16·CVSS 5.0
CVE-2002-2443 [MEDIUM] krb5: UDP ping-pong flaw in kpasswd
krb5: UDP ping-pong flaw in kpasswd
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.
Debian
CVE-2002-2443: krb5 - schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1....
vendor_debian·2002·CVSS 5.0
CVE-2002-2443 [MEDIUM] CVE-2002-2443: krb5 - schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1....
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.
Scope: local
bookworm: resolved (fixed in 1.10.1+dfsg-6)
bullseye: resolved (fixed in 1.10.1+dfsg-6)
forky: resolved (fixed in 1.10.1+dfsg-6)
sid: resolved (fixed in 1.10.1+dfsg-6)
trixie: resolved (fixed in 1.10.1+dfsg-6)
VulDB
Echo/Chargen UDP Packet Storm denial of service (Nessus ID 10198 / ID 38002)
vuldb·2026-04-16·CVSS 5.0
CVE-1999-0103 [MEDIUM] Echo/Chargen UDP Packet Storm denial of service (Nessus ID 10198 / ID 38002)
A vulnerability, which was classified as critical, was found in Echo and Chargen. Impacted is an unknown function of the component UDP Packet Handler. The manipulation results in denial of service (Storm).
This vulnerability is reported as CVE-1999-0103. The attack can be launched remotely. Moreover, an exploit is present. This vulnerability has historical importance owing to its background and reception.
Disabling the affected component is suggested.
GHSA
GHSA-4rm5-v8f4-mx8v: The internal DNS server in Samba 4
ghsa_unreviewed·2022-05-17·CVSS 5.0
CVE-2014-0239 [MEDIUM] CWE-20 GHSA-4rm5-v8f4-mx8v: The internal DNS server in Samba 4
The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103.
GHSA
GHSA-cqf2-6q6w-6cqw: schpw
ghsa_unreviewed·2022-04-30·CVSS 5.0
CVE-2002-2443 [MEDIUM] CWE-20 GHSA-cqf2-6q6w-6cqw: schpw
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.
GHSA
GHSA-46xg-4hcp-2ppj: Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a
ghsa_unreviewed·2022-04-30
CVE-1999-0103 [MEDIUM] GHSA-46xg-4hcp-2ppj: Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a
Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm.
OSV
CVE-2014-0239: The internal DNS server in Samba 4
osv·2014-05-28·CVSS 5.0
CVE-2014-0239 [MEDIUM] CVE-2014-0239: The internal DNS server in Samba 4
The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103.
OSV
CVE-2002-2443: schpw
osv·2013-05-29·CVSS 5.0
CVE-2002-2443 [MEDIUM] CVE-2002-2443: schpw
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.
No detection rules found.
Bugzilla
CVE-2014-0239 samba: potential DoS in the internal DNS server
bugzilla·2014-05-28·CVSS 5.0
CVE-2014-0239 [MEDIUM] CVE-2014-0239 samba: potential DoS in the internal DNS server
CVE-2014-0239 samba: potential DoS in the internal DNS server
It was reported [1] that Samba versions 4.0.0 and above have a flaw in DNS protocol handling in the internal DNS server. The server will not check the "reply" flag in the DNS packet header when processing a request. That makes it vulnerable to reply to a spoofed reply packet with another reply. Two affected servers could thus DOS each other
[1]: http://www.samba.org/samba/security/CVE-2014-0239
Patches addressing this issue have been posted to:
http://www.samba.org/samba/security/
Samba version 4.0.18 includes a patch for this issue.
To workaround this issue, use the BIND_DLZ DNS backend.
Discussion:
Additional info:
The internal DNS server in Samba 4.x before 4.0.18 does not check the
QR field in the header section of
Bugzilla
CVE-2002-2443 krb5: UDP ping-pong flaw in kpasswd
bugzilla·2013-05-13·CVSS 5.0
CVE-2002-2443 [MEDIUM] CVE-2002-2443 krb5: UDP ping-pong flaw in kpasswd
CVE-2002-2443 krb5: UDP ping-pong flaw in kpasswd
A flaw in certain programs that handle UDP traffic was discovered and assigned the name CVE-1999-0103 (that CVE specifically mentions echo and chargen as vulnerable). In 2002, a Nessus plugin was included [1] that reference this CVE name, but was for the kpasswd service. Until recently, this issue had not been reported upstream. This issue has since been reported upstream [2] and is now fixed [3].
If a malicious remote user were to spoof their IP address to that of another server running kadmind with the password change port (kpasswd, port 464), or to the target server's IP address itself), kpasswd will pass UDP packets to the spoofed address and reply each time. This can be used to consume bandwidth and CPU on the affected servers runnin
1996-02-08
Published