CVE-2014-0244.html:

===========================================================
== Subject:     Denial of service - CPU loop
==
== CVE ID#:     CVE-2014-0244
==
== Versions:    Samba 3.6.0 - 4.1.8 (inclusive)
==
== Summary:     Samba 3.6.x to 4.1.8 are affected by a
==              denial of service attack on unauthenticated
==		nmbd NetBIOS name services.
==
===========================================================

===========
Description
===========

All current released versions of Samba are vulnerable to a denial of
service on the nmbd NetBIOS name services daemon. A malformed packet
can cause the nmbd server to loop the CPU and prevent any further
NetBIOS name service.

This flaw is not exploitable beyond causing the code to loop
expending CPU resources.

==================
Patch Availability
==================

A patch addressing this defect has been posted to

  http://www.samba.org/samba/security/

Additionally, Samba 4.1.9, 4.0.19 and 3.6.24 have been issued as
security releases to correct the defect. Patches against older Samba
versions are available at http://samba.org/samba/patches/. Samba
vendors and administrators running affected versions are advised to
upgrade or apply the patch as soon as possible.

==========
Workaround
==========

None.

=======
Credits
=======

This problem was found by a Red Hat user and analyzed by
Stefan Cornelius <scorneli@redhat.com>. Jeremy Allison of Google
provided the Samba code fix for nmbd.