Samba - Security Announcement Archive

CVE-2014-0239.html:

===========================================================
== Subject:     Potential DOS in Samba internal DNS server
==
== CVE ID#:     CVE-2014-0239
==
== Versions:    All versions of Samba later than 4.0.0
==
== Summary:     The internal DNS server does not check the "reply" flag,
==		potentially causing a packet loop.
==
===========================================================

===========
Description
===========

Samba versions 4.0.0 and above have a flaw in DNS protocol handling in the
internal DNS server. The server will not check the "reply" flag in the DNS
packet header when processing a request. That makes it vulnerable to reply
to a spoofed reply packet with another reply. Two affected servers could thus
DOS each other.

==================
Patch Availability
==================

Patches addressing this issue have been posted to:

    http://www.samba.org/samba/security/

Samba version 4.0.18 includes a patch for this issue.

==========
Workaround
==========

Use the BIND_DLZ DNS backend to avoid this issue.

=======
Credits
=======

This problem was reported on IRC by a Samba user

Patch provided by Kai Blin of the Samba team.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================