CVE-2014-0239: Improper Input Validation in Samba

Severity: 5.0 MEDIUM (NVD) | OSV 3.5 | OSV 2.1
EPSS: 22.2% (top 4.19%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 28
Latest update: May 17

Description

The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103.
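An added example, not Samba's code or its patch: the QR check the description says was missing, together with an in-memory model of two servers that shows why answering QR=1 messages never terminates. The names `dns_classify` and `simulate_exchange`, the hop limit and the sample headers are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum dns_verdict { DNS_DROP_SHORT, DNS_DROP_RESPONSE, DNS_PROCESS_QUERY };
#define DNS_HEADER_LEN 12   /* fixed header size, RFC 1035 section 4.1.1 */
#define DNS_FLAG_QR 0x8000  /* top bit of the flags word: 0 = query, 1 = response */

/* Decide whether a server may answer this datagram. Only a complete header
 * with QR=0 is a query; everything else is discarded without a reply. */
enum dns_verdict dns_classify(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < DNS_HEADER_LEN)
        return DNS_DROP_SHORT;
    uint16_t flags = (uint16_t)((pkt[2] << 8) | pkt[3]);  /* network byte order */
    if (flags & DNS_FLAG_QR)
        return DNS_DROP_RESPONSE;
    return DNS_PROCESS_QUERY;
}

/* Constructed sample headers (ID 0x1234, one question), not captured traffic. */
static const uint8_t sample_query[DNS_HEADER_LEN] =
    { 0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0, 0, 0, 0, 0, 0 };  /* QR=0, RD=1 */
static const uint8_t sample_response[DNS_HEADER_LEN] =
    { 0x12, 0x34, 0x81, 0x80, 0x00, 0x01, 0, 0, 0, 0, 0, 0 };  /* QR=1 */

/* Model (assumption): two servers pass one message back and forth in memory,
 * and every reply carries QR=1. Returns the number of replies sent before the
 * exchange stops or hop_limit is reached. check_qr=0 models the flawed logic. */
unsigned simulate_exchange(int check_qr, const uint8_t *first, size_t len,
                           unsigned hop_limit)
{
    uint8_t msg[DNS_HEADER_LEN];
    unsigned replies = 0;
    if (first == NULL || len < DNS_HEADER_LEN) return 0;
    memcpy(msg, first, DNS_HEADER_LEN);
    while (replies < hop_limit) {
        if (check_qr && dns_classify(msg, sizeof msg) != DNS_PROCESS_QUERY)
            break;            /* a response is never answered */
        msg[2] |= 0x80;       /* the reply sets QR=1 */
        replies++;
    }
    return replies;
}

int main(void)
{
    printf("no QR check: %u replies\n", simulate_exchange(0, sample_response, 12, 1000));
    printf("QR check:    %u replies\n", simulate_exchange(1, sample_response, 12, 1000));
    return 0;
}
```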

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (5 packages)

NVD | samba/samba | 4.0.0 | 4.0.18 | +1
debian | debian/samba | < samba 2:4.1.8+dfsg-1 (bookworm)
Debian | samba/samba | < 2:4.1.8+dfsg-1 | +3
Ubuntu | samba/samba | < 2:4.1.6+dfsg-1ubuntu2.14.04.2
Ubuntu | linux/linux_kernel | < 3.13.0-46.75

Vulnerability Details (5)

GHSA | GHSA-4rm5-v8f4-mx8v: The internal DNS server in Samba 4 | 2022-05-17
OSV | linux vulnerabilities | 2015-02-26
OSV | linux-lts-utopic vulnerabilities | 2015-02-26
OSV | samba vulnerabilities | 2014-06-26
OSV | CVE-2014-0239: The internal DNS server in Samba 4 | 2014-05-28

Vendor Advisories (3)

Ubuntu | Samba vulnerabilities | 2014-06-26
Red Hat | samba: potential DoS in the internal DNS server | 2014-05-28
Debian | CVE-2014-0239: samba - The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field i... | 2014

Community (1)

Bugzilla | CVE-2014-0239 samba: potential DoS in the internal DNS server | 2014-05-28