PT-2014-1428 · Samba+5
Published: 2014-06-23 · Updated: 2024-06-15
CVE-2014-0244
CVSS v2.0: 8.3 (High)
Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Samba versions 3.6.x through 3.6.23
Samba versions 4.0.x through 4.0.18
Samba versions 4.1.x through 4.1.8
Description
The issue affects the Samba software, allowing remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet. The sys_recvfrom function in nmbd is vulnerable. This can lead to disruption of confidentiality, integrity, and availability of protected information. An authenticated remote attacker can exploit this vulnerability.
Recommendations
For Samba versions 3.6.x through 3.6.23, update to version 3.6.24 or later.
For Samba versions 4.0.x through 4.0.18, update to version 4.0.19 or later.
For Samba versions 4.1.x through 4.1.8, update to version 4.1.9 or later.
As a temporary workaround, consider restricting access to the nmbd service until a patch is available.
Fix
DoS
Code Injection
RCE
Buffer Overflow
Improper Initialization
Affected products
Alt Linux
Centos
Red Hat
Samba
Suse
Ubuntu