Published: 28/05/2014 Updated: 29/08/2022

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The internal DNS server in Samba 4.x prior to 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote malicious users to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103.

Vulnerable Product	Search on Vulmon	Subscribe to Product
samba samba

Debian Bug report logs - #749845 samba CVE-2014-0239 Potential DOS in Samba internal DNS server Package: samba; Maintainer for samba is Debian Samba Maintainers <pkg-samba-maint@listsaliothdebianorg>; Source for samba is src:samba (PTS, buildd, popcon) Reported by: Ivo De Decker <ivodedecker@ugentbe> Date: Fri, ...

Several security issues were fixed in Samba ...

The internal DNS server in Samba 4x before 4018 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103 ...

CWE-20 http://www.samba.org/samba/security/CVE-2014-0239 http://www.securitytracker.com/id/1030309 http://secunia.com/advisories/59579 http://security.gentoo.org/glsa/glsa-201502-15.xml http://www.securityfocus.com/bid/67691 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749845 https://usn.ubuntu.com/2257-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2014-0239

CVE-2014-0239

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect