===========================================================
== Subject:     Potential DOS in Samba internal DNS server
==
== CVE ID#:     CVE-2014-0239
==
== Versions:    All versions of Samba later than 4.0.0
==
== Summary:     The internal DNS server does not check the "reply" flag,
==              potentially causing a packet loop.
==
===========================================================

===========
Description
===========

Samba versions 4.0.0 and above have a flaw in DNS protocol handling in the
internal DNS server. The server will not check the "reply" flag in the DNS
packet header when processing a request. That makes it vulnerable to reply
to a spoofed reply packet with another reply. Two affected servers could
thus DOS each other.

==================
Patch Availability
==================

Patches addressing this issue have been posted to:

    http://www.samba.org/samba/security/

Samba version 4.0.18 includes a patch for this issue.

==========
Workaround
==========

Use the BIND_DLZ DNS backend to avoid this issue.

=======
Credits
=======

This problem was reported on IRC by a Samba user
Patch provided by Kai Blin of the Samba team.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================
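
The check described under Description, as an added example that is not Samba's code or the actual patch: a toy server that answers any packet by echoing it with the reply (QR) bit set, run with and without a test of that bit. The names dns_is_reply, toy_dns_handle and toy_loop_hops and the echo behaviour are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DNS_HDR_LEN 12      /* fixed DNS header size (RFC 1035) */
#define DNS_FLAG_QR 0x80    /* top bit of header byte 2: 0 = query, 1 = reply */

/* Returns 1 if the packet is a reply (QR set), 0 if a query, -1 if too short. */
int dns_is_reply(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < DNS_HDR_LEN)
        return -1;
    return (pkt[2] & DNS_FLAG_QR) ? 1 : 0;
}

/* Hypothetical toy server: echoes the input with QR set. Returns the reply
 * length, or 0 if dropped. check_qr = 0 models the flaw, 1 the fixed logic. */
size_t toy_dns_handle(const uint8_t *in, size_t len, uint8_t *out,
                      size_t outcap, int check_qr)
{
    int r = dns_is_reply(in, len);
    if (r < 0 || len > outcap)
        return 0;               /* malformed or oversized: drop */
    if (check_qr && r == 1)
        return 0;               /* never answer a reply with a reply */
    memcpy(out, in, len);
    out[2] |= DNS_FLAG_QR;
    return len;
}

/* Counts packets bounced between two toy servers after one spoofed reply. */
int toy_loop_hops(int check_qr, int max_hops)
{
    /* Constructed sample: header only, ID 0x1234, QR = 1, all counts zero. */
    uint8_t a[DNS_HDR_LEN] = { 0x12, 0x34, 0x80, 0x00 };
    uint8_t b[DNS_HDR_LEN];
    uint8_t *cur = a, *next = b, *tmp;
    size_t len = sizeof(a);
    int hops = 0;
    while (hops < max_hops) {
        len = toy_dns_handle(cur, len, next, DNS_HDR_LEN, check_qr);
        if (len == 0)
            break;              /* packet dropped, loop ends */
        hops++;
        tmp = cur; cur = next; next = tmp;
    }
    return hops;
}

int main(void) { return toy_loop_hops(1, 10) == 0 ? 0 : 1; }
```

Without the QR test the exchange only stops at the hop limit; with it, the first spoofed reply is dropped and no traffic is generated.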