CVE-2014-0239
Published 2014-05-28
Priority: P3 · 39 · medium · CVSS 2.0: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 67.57% (99.2th percentile)
The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | samba | < samba 2:4.1.8+dfsg-1 (bookworm) | samba 2:4.1.8+dfsg-1 (bookworm) |
| linux | linux_kernel | >= 0 < 3.13.0-46.75 | 3.13.0-46.75 |
| samba | samba | >= 0 < 2:4.1.8+dfsg-1 | 2:4.1.8+dfsg-1 |
| samba | samba | >= 0 < 2:4.1.8+dfsg-1 | 2:4.1.8+dfsg-1 |
| samba | samba | >= 0 < 2:4.1.8+dfsg-1 | 2:4.1.8+dfsg-1 |
| samba | samba | >= 0 < 2:4.1.8+dfsg-1 | 2:4.1.8+dfsg-1 |
| samba | samba | >= 0 < 2:4.1.6+dfsg-1ubuntu2.14.04.2 | 2:4.1.6+dfsg-1ubuntu2.14.04.2 |
| samba | samba | >= 4.0.0 < 4.0.18 | 4.0.18 |
| samba | samba | >= 4.1.0 < 4.1.8 | 4.1.8 |
Detection & IOCs
- Detect DNS response packets (QR bit set) sent to Samba's internal DNS server port (UDP/TCP 53). A forged response packet triggers a communication loop, so monitor for abnormal CPU/bandwidth consumption on Samba AD DC hosts receiving DNS reply packets.
- The vulnerability is exploitable only when Samba's internal DNS server is in use (not the BIND_DLZ backend); scope detection to Samba 4.x before 4.0.18 acting as an AD DC with the internal DNS server enabled.
- Two affected Samba servers can mutually DoS each other by bouncing forged DNS reply packets; look for pairs of Samba AD DC hosts generating sustained high-volume DNS traffic between them.
- Workaround available: switching to the BIND_DLZ DNS backend eliminates exposure to this vulnerability without patching.
- Only Samba deployments acting as an AD DC with the internal DNS server enabled are affected; standard Samba file-server builds (RHEL 5, 6, 7, Fedora 19/20) are not vulnerable.
- Fixed in Samba 4.0.18; Debian fix packaged as 2:4.1.8+dfsg-1.
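The first and third detection points above can be checked offline against decoded traffic. The sketch below is an added example, not a rule from any of the cited sources: it reads the QR bit from the DNS header, flags responses delivered to a DC's port 53, and reports host pairs bouncing them. The addresses, threshold and tuple layout are constructed, and it assumes the DC's own forwarded queries leave from ephemeral ports, so legitimate replies never arrive on port 53.

```python
import struct
from collections import Counter

DNS_PORT = 53

def dns_qr_bit(payload):
    """Return the QR bit (0 = query, 1 = response), or None if no full header."""
    if len(payload) < 12:          # the DNS header is 12 bytes
        return None
    (flags,) = struct.unpack("!H", payload[2:4])
    return flags >> 15             # QR is the top bit of the flags word

def responses_to_server_port(packets, dc_addrs):
    """(src, dst) for every QR=1 message delivered to a DC's port 53."""
    return [(src, dst) for src, sport, dst, dport, payload in packets
            if dst in dc_addrs and dport == DNS_PORT
            and dns_qr_bit(payload) == 1]

def looping_pairs(hits, threshold=3):
    """Host pairs where each side sent >= threshold responses to the other."""
    counts = Counter(hits)
    return sorted({tuple(sorted(p)) for p, n in counts.items()
                   if n >= threshold and counts[p[::-1]] >= threshold})

def _msg(qr):
    """Constructed DNS message: header plus one A/IN question for example.test."""
    header = struct.pack("!HHHHHH", 0x1234, (qr << 15) | 0x0100, 1, 0, 0, 0)
    return header + b"\x07example\x04test\x00" + struct.pack("!HH", 1, 1)

# Constructed sample traffic (documentation addresses), not a real capture:
# (src, sport, dst, dport, udp_payload)
DCS = {"192.0.2.10", "192.0.2.11"}
SAMPLE = (
    [("192.0.2.50", 40000, "192.0.2.10", 53, _msg(0))]      # normal client query
    + [("192.0.2.1", 53, "192.0.2.10", 40001, _msg(1))]     # normal forwarder reply
    + [("192.0.2.10", 53, "192.0.2.11", 53, _msg(1))] * 3   # responses bouncing
    + [("192.0.2.11", 53, "192.0.2.10", 53, _msg(1))] * 3   # between two DCs
)

if __name__ == "__main__":
    hits = responses_to_server_port(SAMPLE, DCS)
    print(len(hits), "responses addressed to port 53")
    print("looping pairs:", looping_pairs(hits))
```

On a patched server the same QR=1 messages may still arrive; the signal that matters is the sustained two-way exchange between DC pairs.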
CVSS provenance
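| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 5.0 | MEDIUM | |
| vendor_debian | | 5.0 | MEDIUM | |
| vendor_redhat | | 5.0 | MEDIUM | |
| vendor_ubuntu | | 3.5 | LOW | |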
Ubuntu
Samba vulnerabilities
vendor_ubuntu·2014-06-26·CVSS 3.5
CVE-2014-0178 [LOW] Samba vulnerabilities
Summary: Several security issues were fixed in Samba.
Christof Schmitt discovered that Samba incorrectly initialized a certain
response field when vfs shadow copy was enabled. A remote authenticated
attacker could use this issue to possibly obtain sensitive information.
This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS. (CVE-2014-0178)
It was discovered that the Samba internal DNS server incorrectly handled QR
fields when processing incoming DNS messages. A remote attacker could use
this issue to cause Samba to consume resources, resulting in a denial of
service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0239)
Daniel Berteaud discovered that the Samba NetBIOS name service daemon
incorrectly handled certain malformed packets. A remote att
Red Hat
samba: potential DoS in the internal DNS server
vendor_redhat·2014-05-28·CVSS 5.0
CVE-2014-0239 [MEDIUM] samba: potential DoS in the internal DNS server
Statement: Not vulnerable. This issue does not affect the version of samba as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of samba3x as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of samba4 as shipped with Red Hat Enterprise Linux 6.
Package: samba (Red Hat Enterprise Linux 4) - Not affected
Package: samba (Red Hat Enterpri
Debian
CVE-2014-0239: samba - The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field i...
vendor_debian·2014·CVSS 5.0
CVE-2014-0239 [MEDIUM] CVE-2014-0239: samba - The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field i...
Scope: local
bookworm: resolved (fixed in 2:4.1.8+dfsg-1)
bullseye: resolved (fixed in 2:4.1.8+dfsg-1)
forky: resolved (fixed in 2:4.1.8+dfsg-1)
sid: resolved (fixed in 2:4.1.8+dfsg-1)
trixie: resolved (fixed in 2:4.1.8+dfsg-1)
GHSA
GHSA-4rm5-v8f4-mx8v: The internal DNS server in Samba 4
ghsa_unreviewed·2022-05-17·CVSS 5.0
CVE-2014-0239 [MEDIUM] CWE-20 GHSA-4rm5-v8f4-mx8v: The internal DNS server in Samba 4
OSV
linux vulnerabilities
osv·2015-02-26·CVSS 2.1
CVE-2015-0239 linux vulnerabilities
A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of
the SYSENTER instruction when the guest OS does not initialize the
SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of
service of the guest OS (crash) or potentially gain privileges on the guest
OS. (CVE-2015-0239)
Andy Lutomirski discovered an information leak in the Linux kernel's Thread
Local Storage (TLS) implementation allowing users to bypass the espfix to
obtain information that could be used to bypass the Address Space Layout
Randomization (ASLR) protection mechanism. A local user could exploit this
flaw to obtain potentially sensitive information from kernel memory.
(CVE-2014-8133)
A restriction bypass was discovered in iptables when conntrack rules are
specif
OSV
linux-lts-utopic vulnerabilities
osv·2015-02-26·CVSS 2.1
CVE-2015-0239 linux-lts-utopic vulnerabilities
A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of
the SYSENTER instruction when the guest OS does not initialize the
SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of
service of the guest OS (crash) or potentially gain privileges on the guest
OS. (CVE-2015-0239)
Andy Lutomirski discovered an information leak in the Linux kernel's Thread
Local Storage (TLS) implementation allowing users to bypass the espfix to
obtain information that could be used to bypass the Address Space Layout
Randomization (ASLR) protection mechanism. A local user could exploit this
flaw to obtain potentially sensitive information from kernel memory.
(CVE-2014-8133)
A restriction bypass was discovered in iptables when conntrack rules
OSV
samba vulnerabilities
osv·2014-06-26·CVSS 3.5
CVE-2014-0178 [LOW] samba vulnerabilities
Christof Schmitt discovered that Samba incorrectly initialized a certain
response field when vfs shadow copy was enabled. A remote authenticated
attacker could use this issue to possibly obtain sensitive information.
This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS. (CVE-2014-0178)
It was discovered that the Samba internal DNS server incorrectly handled QR
fields when processing incoming DNS messages. A remote attacker could use
this issue to cause Samba to consume resources, resulting in a denial of
service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0239)
Daniel Berteaud discovered that the Samba NetBIOS name service daemon
incorrectly handled certain malformed packets. A remote attacker could use
this issue to cause Samba to consume resources
OSV
CVE-2014-0239: The internal DNS server in Samba 4
osv·2014-05-28·CVSS 5.0
CVE-2014-0239 [MEDIUM] CVE-2014-0239: The internal DNS server in Samba 4
No detection rules found.
No public exploits indexed.
- http://secunia.com/advisories/59579
- http://security.gentoo.org/glsa/glsa-201502-15.xml
- http://www.samba.org/samba/security/CVE-2014-0239
- http://www.securityfocus.com/bid/67691
- http://www.securitytracker.com/id/1030309