#VU41604 Input validation error in Samba - CVE-2014-0239

Cybersecurity Help s.r.o.

Published: 2014-05-28 | Updated: 2020-08-10

Vulnerability identifier: #VU41604

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2014-0239

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Samba: 4.0.1 - 4.0.17

External links
https://secunia.com/advisories/59579
https://security.gentoo.org/glsa/glsa-201502-15.xml
https://www.samba.org/samba/security/CVE-2014-0239
https://www.securityfocus.com/bid/67691
https://www.securitytracker.com/id/1030309

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Slackware Linux update for samba

Input validation error in Samba