Main Vulnerability Database SB2014062507

SB2014062507 - Input validation error in samba (Alpine package)

Published: June 25, 2014

Security Bulletin ID SB2014062507

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2014-0244)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=309b701735b868b852f60a1d4a6cf6046a5982b9
https://git.alpinelinux.org/aports/commit/?id=93413d654bcad7ee2ff55f3f900f8463ec12e1c8
https://git.alpinelinux.org/aports/commit/?id=f627bd8b1a814a45ae23c03af368ea17cd1fae3b
https://git.alpinelinux.org/aports/commit/?id=78b979ac65ba3411be0c978f668d87fd432bf2ac