5

CVE-2014-0239

The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaSamba Version >= 4.0.0 < 4.0.18
SambaSamba Version >= 4.1.0 < 4.1.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 67.57% 0.992
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://security.gentoo.org/glsa/glsa-201502-15.xml
Third Party Advisory
http://secunia.com/advisories/59579
Third Party Advisory
http://www.samba.org/samba/security/CVE-2014-0239
Vendor Advisory
http://www.securityfocus.com/bid/67691
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1030309
Third Party Advisory
VDB Entry