CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
CVSS2 vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 0.374 Low
Percentile: 97.2%

Samba versions 4.0.0 and above have a flaw in DNS protocol handling in the
internal DNS server. The server does not check the “reply” flag in the DNS
packet header when processing a request, so it will answer a spoofed reply
packet with another reply. Two affected servers could thus DoS each other.
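
The missing check described above, as an added example (not Samba's code; the function and enum names are hypothetical and the sample headers are constructed): a request handler reads the QR bit of the DNS header and silently drops anything marked as a response.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DNS_HEADER_LEN 12
#define DNS_FLAG_QR    0x8000u   /* RFC 1035: 0 = query, 1 = response */

/* Hypothetical verdicts for a packet arriving on the server socket. */
enum dns_verdict { DNS_PROCESS = 0, DNS_DROP_SHORT = 1, DNS_DROP_IS_REPLY = 2 };

/*
 * Decide whether a UDP payload received on the listening socket may be
 * handled as a request. Drops are silent: sending any answer (even an
 * error) to a packet marked as a reply would keep a reply loop alive.
 */
enum dns_verdict dns_classify_request(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < DNS_HEADER_LEN)
        return DNS_DROP_SHORT;          /* no complete header to inspect */

    /* Bytes 2-3 hold the flags word in network byte order. */
    uint16_t flags = (uint16_t)((pkt[2] << 8) | pkt[3]);

    if (flags & DNS_FLAG_QR)
        return DNS_DROP_IS_REPLY;       /* never answer a reply */

    return DNS_PROCESS;
}

/* Constructed sample headers: ID 0x1234, QDCOUNT 1, no question body. */
static const uint8_t sample_query[DNS_HEADER_LEN] =
    { 0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0, 0, 0, 0, 0, 0 };
static const uint8_t sample_reply[DNS_HEADER_LEN] =
    { 0x12, 0x34, 0x81, 0x80, 0x00, 0x01, 0, 0, 0, 0, 0, 0 };

int main(void)
{
    printf("query     -> %d\n",
           dns_classify_request(sample_query, sizeof sample_query));
    printf("reply     -> %d\n",
           dns_classify_request(sample_reply, sizeof sample_reply));
    printf("truncated -> %d\n", dns_classify_request(sample_reply, 3));
    return 0;
}
```
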

Patches addressing this issue have been posted to:
http://www.samba.org/samba/security/
Samba version 4.0.18 includes a patch for this issue.

Use the BIND_DLZ DNS backend to avoid this issue.

This problem was reported on IRC by a Samba user.
Patch provided by Kai Blin of the Samba team.

== Our Code, Our Bugs, Our Responsibility.
== The Samba Team