CVE-2014-0239

Name of the Vulnerable Software and Affected Versions Samba versions prior to 4.0.18

Description The internal DNS server in Samba does not check the QR field in the header section of an incoming DNS message before sending a response. This allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop.

Recommendations For versions prior to 4.0.18, update to version 4.0.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the internal DNS server to minimize the risk of exploitation.