CVE-2014-0244
published 2014-06-23CVE-2014-0244: The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of…
PriorityP423low3.3CVSS 2.0
AVAACLAuNCNINAP
EPSS
20.48%
97.2th percentile
The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.
Affected
58 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | samba | < samba 2:4.1.9+dfsg-1 (bookworm) | samba 2:4.1.9+dfsg-1 (bookworm) |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
CVSS provenance
nvdv2.03.3LOWAV:A/AC:L/Au:N/C:N/I:N/A:P
osv3.5LOW
vendor_ubuntu3.5LOW
vendor_debian3.3LOW
vendor_redhat3.3LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Samba vulnerabilities
vendor_ubuntu·2014-06-26·CVSS 3.5
CVE-2014-0178 [LOW] Samba vulnerabilities
Title: Samba vulnerabilities
Summary: Several security issues were fixed in Samba.
Christof Schmitt discovered that Samba incorrectly initialized a certain
response field when vfs shadow copy was enabled. A remote authenticated
attacker could use this issue to possibly obtain sensitive information.
This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS. (CVE-2014-0178)
It was discovered that the Samba internal DNS server incorrectly handled QR
fields when processing incoming DNS messages. A remote attacker could use
this issue to cause Samba to consume resources, resulting in a denial of
service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0239)
Daniel Berteaud discovered that the Samba NetBIOS name service daemon
incorrectly handled certain malformed packets. A remote att
Red Hat
samba: nmbd denial of service
vendor_redhat·2014-06-12·CVSS 3.3
CVE-2014-0244 [LOW] samba: nmbd denial of service
samba: nmbd denial of service
The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.
A denial of service flaw was found in the way the sys_recvfile() function of nmbd, the NetBIOS message block daemon, processed non-blocking sockets. An attacker could send a specially crafted packet that, when processed, would cause nmbd to enter an infinite loop and consume an excessive amount of CPU time.
Package: samba (Red Hat Enterprise Linux 5) - Not affected
Package: samba (Red Hat Storage 2.1) - Affected
Debian
CVE-2014-0244: samba - The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0...
vendor_debian·2014·CVSS 3.3
CVE-2014-0244 [LOW] CVE-2014-0244: samba - The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0...
The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.
Scope: local
bookworm: resolved (fixed in 2:4.1.9+dfsg-1)
bullseye: resolved (fixed in 2:4.1.9+dfsg-1)
forky: resolved (fixed in 2:4.1.9+dfsg-1)
sid: resolved (fixed in 2:4.1.9+dfsg-1)
trixie: resolved (fixed in 2:4.1.9+dfsg-1)
GHSA
GHSA-5j3x-73cr-cpg5: The sys_recvfrom function in nmbd in Samba 3
ghsa_unreviewed·2022-05-14
CVE-2014-0244 [LOW] CWE-20 GHSA-5j3x-73cr-cpg5: The sys_recvfrom function in nmbd in Samba 3
The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.
OSV
samba vulnerabilities
osv·2014-06-26·CVSS 3.5
CVE-2014-0178 [LOW] samba vulnerabilities
samba vulnerabilities
Christof Schmitt discovered that Samba incorrectly initialized a certain
response field when vfs shadow copy was enabled. A remote authenticated
attacker could use this issue to possibly obtain sensitive information.
This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS. (CVE-2014-0178)
It was discovered that the Samba internal DNS server incorrectly handled QR
fields when processing incoming DNS messages. A remote attacker could use
this issue to cause Samba to consume resources, resulting in a denial of
service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0239)
Daniel Berteaud discovered that the Samba NetBIOS name service daemon
incorrectly handled certain malformed packets. A remote attacker could use
this issue to cause Samba to consume resources
OSV
CVE-2014-0244: The sys_recvfrom function in nmbd in Samba 3
osv·2014-06-23·CVSS 3.3
CVE-2014-0244 [LOW] CVE-2014-0244: The sys_recvfrom function in nmbd in Samba 3
The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-0244 CVE-2014-3493 samba: various flaws [fedora-all]
bugzilla·2014-06-23·CVSS 3.3
CVE-2014-0244 [LOW] CVE-2014-0244 CVE-2014-3493 samba: various flaws [fedora-all]
CVE-2014-0244 CVE-2014-3493 samba: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, use the bodhi submission link noted
in the next comment(s). This will include the bug IDs of this tracking
bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
NOTE: this issue affects multiple supported versio
Bugzilla
CVE-2014-0244 samba: nmbd denial of service
bugzilla·2014-05-14·CVSS 3.3
CVE-2014-0244 [LOW] CVE-2014-0244 samba: nmbd denial of service
CVE-2014-0244 samba: nmbd denial of service
Created attachment 895515
Strace of nmbd when the problem is triggered
Description of problem:
I'm running samba3x (samba3x-3.6.6-0.139.el5_10) as an simple NT domain controler on a CentOS 5.10, and found sometime the nmbd process stuck (eating 100% CPU, and not responding anymore to any request, making any domain login impossible). The only solution was to kill -9 this process and restart it. It was occuring randomly, so was quite hard to troubleshoot, but after a few hours, I've finaly identified what's causing it (well at least, I know a simple request from a client is enough to trigger it)
I'll attach:
- a strace of the process at the time the problem occure. In this file the last lines (recvfrom(12, 0xbfcff9c8, 576, 0, 0xbfcffc08, 0xbfc
http://advisories.mageia.org/MGASA-2014-0279.htmlhttp://linux.oracle.com/errata/ELSA-2014-0866.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0866.htmlhttp://secunia.com/advisories/59378http://secunia.com/advisories/59407http://secunia.com/advisories/59433http://secunia.com/advisories/59579http://secunia.com/advisories/59834http://secunia.com/advisories/59848http://secunia.com/advisories/59919http://secunia.com/advisories/61218http://security.gentoo.org/glsa/glsa-201502-15.xmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2014:136http://www.mandriva.com/security/advisories?name=MDVSA-2015:082http://www.samba.org/samba/security/CVE-2014-0244http://www.securityfocus.com/archive/1/532757/100/0/threadedhttp://www.securityfocus.com/bid/68148http://www.securitytracker.com/id/1030455https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1https://bugzilla.redhat.com/show_bug.cgi?id=1097815https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993http://advisories.mageia.org/MGASA-2014-0279.htmlhttp://linux.oracle.com/errata/ELSA-2014-0866.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0866.htmlhttp://secunia.com/advisories/59378http://secunia.com/advisories/59407http://secunia.com/advisories/59433http://secunia.com/advisories/59579http://secunia.com/advisories/59834http://secunia.com/advisories/59848http://secunia.com/advisories/59919http://secunia.com/advisories/61218http://security.gentoo.org/glsa/glsa-201502-15.xmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2014:136http://www.mandriva.com/security/advisories?name=MDVSA-2015:082http://www.samba.org/samba/security/CVE-2014-0244http://www.securityfocus.com/archive/1/532757/100/0/threadedhttp://www.securityfocus.com/bid/68148http://www.securitytracker.com/id/1030455https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1https://bugzilla.redhat.com/show_bug.cgi?id=1097815https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993
2014-06-23
Published