CVE-2014-0244


Description

The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.

References

http://advisories.mageia.org/MGASA-2014-0279.html

http://linux.oracle.com/errata/ELSA-2014-0866.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html

http://rhn.redhat.com/errata/RHSA-2014-0866.html

http://secunia.com/advisories/59378

http://secunia.com/advisories/59407

http://secunia.com/advisories/59433

http://secunia.com/advisories/59579

http://secunia.com/advisories/59834

http://secunia.com/advisories/59848

http://secunia.com/advisories/59919

http://secunia.com/advisories/61218

http://security.gentoo.org/glsa/glsa-201502-15.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2014:136

http://www.mandriva.com/security/advisories?name=MDVSA-2015:082

http://www.samba.org/samba/security/CVE-2014-0244

http://www.securityfocus.com/archive/1/532757/100/0/threaded

http://www.securityfocus.com/bid/68148

http://www.securitytracker.com/id/1030455

https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1

https://bugzilla.redhat.com/show_bug.cgi?id=1097815

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993

Details

Source: MITRE

Published: 2014-06-23

Updated: 2018-10-09

Type: CWE-20

Risk Information

CVSS v2

Base Score: 3.3

Vector: AV:A/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 6.5

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:samba:samba:4.1.0:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.1:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.2:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.3:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.4:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.5:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.6:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.7:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.8:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:samba:samba:4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.6:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.7:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.8:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.9:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.10:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.11:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.12:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.13:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.14:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.15:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.16:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.17:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.18:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:samba:samba:3.6.0:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.1:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.2:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.3:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.4:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.5:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.6:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.7:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.8:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.9:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.10:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.11:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.12:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.13:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.14:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.15:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.16:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.17:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.18:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.19:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.20:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.21:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.22:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.23:*:*:*:*:*:*:*

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 8757 | Samba 3.6.x < 3.6.24 / 4.0.x < 4.0.19 / 4.1.x < 4.1.9 Multiple Vulnerabilities | Nessus Network Monitor | Samba | medium |
| 82335 | Mandriva Linux Security Advisory : samba (MDVSA-2015:082) | Nessus | Mandriva Local Security Checks | critical |
| 81536 | GLSA-201502-15 : Samba: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 80769 | Oracle Solaris Third-Party Patch Update : samba (multiple_vulnerabilities_in_samba1) | Nessus | Solaris Local Security Checks | low |
| 77268 | Fedora 19 : samba-4.0.21-1.fc19 (2014-9132) | Nessus | Fedora Local Security Checks | high |
| 77013 | RHEL 6 : samba4 (RHSA-2014:1009) | Nessus | Red Hat Local Security Checks | high |
| 77010 | Oracle Linux 6 : samba4 (ELSA-2014-1009) | Nessus | Oracle Linux Local Security Checks | high |
| 77006 | CentOS 6 : samba4 (CESA-2014:1009) | Nessus | CentOS Local Security Checks | high |
| 76903 | RHEL 7 : samba (RHSA-2014:0867) | Nessus | Red Hat Local Security Checks | low |
| 76740 | Oracle Linux 7 : samba (ELSA-2014-0867) | Nessus | Oracle Linux Local Security Checks | low |
| 76523 | SuSE 11.3 Security Update : Samba (SAT Patch Number 9451) | Nessus | SuSE Local Security Checks | low |
| 76480 | Mandriva Linux Security Advisory : samba (MDVSA-2014:136) | Nessus | Mandriva Local Security Checks | low |
| 76449 | Scientific Linux Security Update : samba and samba3x on SL5.x, SL6.x i386/srpm/x86_64 (20140709) | Nessus | Scientific Linux Local Security Checks | low |
| 76447 | RHEL 5 / 6 : samba and samba3x (RHSA-2014:0866) | Nessus | Red Hat Local Security Checks | low |
| 76443 | Oracle Linux 5 / 6 : samba / samba3x (ELSA-2014-0866) | Nessus | Oracle Linux Local Security Checks | low |
| 76432 | CentOS 7 : samba (CESA-2014:0867) | Nessus | CentOS Local Security Checks | low |
| 76431 | CentOS 5 / 6 : samba / samba3x (CESA-2014:0866) | Nessus | CentOS Local Security Checks | low |
| 76341 | openSUSE Security Update : samba (openSUSE-SU-2014:0859-1) | Nessus | SuSE Local Security Checks | medium |
| 76340 | openSUSE Security Update : samba (openSUSE-SU-2014:0857-1) | Nessus | SuSE Local Security Checks | low |
| 76275 | Ubuntu 10.04 LTS / 12.04 LTS / 13.10 / 14.04 LTS : samba vulnerabilities (USN-2257-1) | Nessus | Ubuntu Local Security Checks | medium |
| 76223 | Fedora 20 : samba-4.1.9-3.fc20 (2014-7672) | Nessus | Fedora Local Security Checks | high |
| 76207 | Slackware 14.0 / 14.1 / current : samba (SSA:2014-175-04) | Nessus | Slackware Local Security Checks | medium |
| 76202 | Samba 3.6.x < 3.6.24 / 4.0.x < 4.0.19 / 4.1.x < 4.1.9 Multiple Vulnerabilities | Nessus | Misc. | low |
| 76196 | FreeBSD : samba -- multiple vulnerabilities (6ad309d9-fb03-11e3-bebd-000c2980a9f3) | Nessus | FreeBSD Local Security Checks | low |
| 76194 | Debian DSA-2966-1 : samba - security update | Nessus | Debian Local Security Checks | low |