CVE-2014-0239: Samba - Security Announcement Archive
The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103.
CVE-2014-0239.html:
 
===========================================================
== Subject:     Potential DOS in Samba internal DNS server
==
== CVE ID#:     CVE-2014-0239
==
== Versions:    All versions of Samba later than 4.0.0
==
== Summary:     The internal DNS server does not check the “reply” flag,
==              potentially causing a packet loop.
==
===========================================================

===========
Description
===========
Samba versions 4.0.0 and above have a flaw in DNS protocol handling in the internal DNS server. The server does not check the “reply” flag in the DNS packet header when processing a request, so it will answer a spoofed reply packet with another reply. Two affected servers could thus DoS each other.
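The check described above, as an added example that is not Samba's code: a toy responder that drops any packet whose QR ("reply") bit is set, run against a second copy of itself with and without the check. The names `toy_dns_respond` and `count_replies`, the header-only reply and the sample packet are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_HDR_LEN 12    /* fixed DNS header size (RFC 1035, 4.1.1) */
#define DNS_FLAG_QR 0x80  /* top bit of header byte 2: 0 = query, 1 = response */

/* Hypothetical toy responder, not Samba's code. Writes a header-only reply
 * into out and returns its length, or returns 0 when the packet is dropped. */
static size_t toy_dns_respond(const uint8_t *in, size_t len,
                              uint8_t *out, int check_qr)
{
    if (len < DNS_HDR_LEN)
        return 0;                        /* truncated header: drop */
    if (check_qr && (in[2] & DNS_FLAG_QR))
        return 0;                        /* never answer a response */
    memcpy(out, in, 4);                  /* echo the ID and flag bytes */
    memset(out + 4, 0, DNS_HDR_LEN - 4); /* all record counts zero */
    out[2] |= DNS_FLAG_QR;               /* mark our packet as a response */
    return DNS_HDR_LEN;
}

/* Two toy responders hand one packet back and forth. first_flags is byte 2
 * of the constructed first packet. Returns replies sent, capped at max. */
static int count_replies(int check_qr, uint8_t first_flags, int max)
{
    uint8_t a[DNS_HDR_LEN] = { 0x12, 0x34, first_flags }; /* constructed */
    uint8_t b[DNS_HDR_LEN];
    uint8_t *in = a, *out = b, *tmp;
    size_t len = sizeof(a);
    int sent = 0;

    while (sent < max &&
           (len = toy_dns_respond(in, len, out, check_qr)) > 0) {
        sent++;
        tmp = in; in = out; out = tmp;   /* reply becomes the peer's input */
    }
    return sent;
}

int main(void)
{
    printf("no QR check, spoofed reply: %d\n", count_replies(0, DNS_FLAG_QR, 1000));
    printf("QR check, spoofed reply:    %d\n", count_replies(1, DNS_FLAG_QR, 1000));
    printf("QR check, genuine query:    %d\n", count_replies(1, 0x00, 1000));
    return 0;
}
```

Without the check the exchange only stops at the cap; with it, a genuine query still gets its one reply and that reply is dropped by the peer.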
==================
Patch Availability
==================
Patches addressing this issue have been posted to:
http://www.samba.org/samba/security/
Samba version 4.0.18 includes a patch for this issue.
==========
Workaround
==========
Use the BIND_DLZ DNS backend to avoid this issue.
=======
Credits
=======
This problem was reported on IRC by a Samba user.
Patch provided by Kai Blin of the Samba team.
==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================