Input validation error in Samba - CVE-2014-0239

 


Published: May 28, 2014 / Updated: August 10, 2020


Vulnerability identifier: #VU41604
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2014-0239
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Samba
Software vendor: Samba

Description

The vulnerability allows a remote unauthenticated attacker to cause a denial of service.

The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103.
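The missing check, shown as an added example (not Samba's code): a server should answer only messages whose QR bit marks them as queries. The toy responder, the sample headers and all function names are hypothetical, and the exchange is modelled in memory between two identical responders.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_HDR_LEN 12   /* fixed DNS header size (RFC 1035, section 4.1.1) */
#define DNS_FLAG_QR 0x80 /* top bit of header byte 2: 0 = query, 1 = response */

/* Constructed sample headers: ID 0x1234, all other fields zero. */
static const uint8_t SAMPLE_QUERY[DNS_HDR_LEN]    = {0x12, 0x34, 0x00};
static const uint8_t SAMPLE_RESPONSE[DNS_HDR_LEN] = {0x12, 0x34, DNS_FLAG_QR};

/* Return 1 only for a complete header whose QR bit marks it as a query. */
int dns_is_query(const uint8_t *msg, size_t len)
{
    if (msg == NULL || len < DNS_HDR_LEN)
        return 0;                      /* truncated header: never answer */
    return (msg[2] & DNS_FLAG_QR) == 0;
}

/* Hypothetical toy responder: echoes the header with QR set, returns reply length
 * or 0 if dropped. check_qr = 0 models the missing check, 1 the corrected one. */
size_t toy_respond(const uint8_t *in, size_t len, uint8_t *out, int check_qr)
{
    if (in == NULL || len < DNS_HDR_LEN || (check_qr && !dns_is_query(in, len)))
        return 0;                      /* with the check, a response is never answered */
    memcpy(out, in, DNS_HDR_LEN);
    out[2] |= DNS_FLAG_QR;             /* mark the reply as a response */
    return DNS_HDR_LEN;
}

/* Pass one message between two identical responders; count replies until silence or cap. */
unsigned count_replies(const uint8_t *first, int check_qr, unsigned cap)
{
    uint8_t cur[DNS_HDR_LEN], next[DNS_HDR_LEN];
    unsigned replies = 0;
    memcpy(cur, first, DNS_HDR_LEN);
    while (replies < cap && toy_respond(cur, DNS_HDR_LEN, next, check_qr) != 0) {
        memcpy(cur, next, DNS_HDR_LEN);
        replies++;
    }
    return replies;
}

int main(void)
{
    printf("no QR check:   %u replies\n", count_replies(SAMPLE_RESPONSE, 0, 1000));
    printf("with QR check: %u replies\n", count_replies(SAMPLE_RESPONSE, 1, 1000));
    return 0;
}
```

Without the check the exchange runs until the cap; with it, a message that is already a response produces no reply, and a genuine query produces exactly one.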


Remediation

Install the update from the vendor's website. As stated in the description, Samba 4.x versions before 4.0.18 are affected.
