2014-0244 | Samba nmbd Service sys_recvfrom input validation (BID-68148 / XFDB-94058)

By Max On Aug 1, 2021

CVSS Meta Temp Score	Current Exploit Price (≈)	CTI Interest Score
4.6	$0-$5k	0.30

A vulnerability was found in Samba up to 4.1.8 (File Transfer Software) and classified as problematic. This issue affects the function sys_recvfrom of the component nmbd Service. The manipulation with an unknown input leads to a privilege escalation vulnerability. Using CWE to declare the problem leads to CWE-20. Impacted is availability.

The weakness was shared 06/23/2014 by Stefan Cornelius as Denial of service – CPU loop as confirmed advisory (Website). The advisory is shared at samba.org. The identification of this vulnerability is CVE-2014-0244 since 12/03/2013. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details are known, but no exploit is available.

The vulnerability scanner Nessus provides a plugin with the ID 76449 (Scientific Linux Security Update : samba and samba3x on SL5.x, SL6.x i386/srpm/x86_64), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Scientific Linux Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 185124 (HPE HP-UX CIFS-Server Multiple Vulnerabilities (HPSBUX03574)).

Upgrading to version 3.6.24, 4.0.19 or 4.1.9 eliminates this vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 16563.

The vulnerability is also documented in the databases at SecurityFocus (BID 68148), X-Force (94058), Secunia (SA59378), SecurityTracker (ID 1030455) and Vulnerability Center (SBV-45105). The entries 7563, 11176, 12681 and 13388 are related to this item.

Type

Name

VulDB Meta Base Score: 5.3
VulDB Meta Temp Score: 4.6

VulDB Base Score: 5.3
VulDB Temp Score: 4.6
VulDB Vector: 🔍
VulDB Reliability: 🔍

AV	AC	Au	C	I	A
🔍	🔍	🔍	🔍	🔍	🔍
🔍	🔍	🔍	🔍	🔍	🔍
🔍	🔍	🔍	🔍	🔍	🔍

Vector	Complexity	Authentication	Confidentiality	Integrity	Availability
unlock	unlock	unlock	unlock	unlock	unlock
unlock	unlock	unlock	unlock	unlock	unlock
unlock	unlock	unlock	unlock	unlock	unlock

VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍

NVD Base Score: 🔍

Class: Privilege escalation
CWE: CWE-20
ATT&CK: Unknown

Local: No
Remote: Yes

Availability: 🔍
Status: Unproven

Price Prediction: 🔍
Current Price Estimation: 🔍

0-Day	unlock	unlock	unlock	unlock
Today	unlock	unlock	unlock	unlock

Nessus ID: 76449
Nessus Name: Scientific Linux Security Update : samba and samba3x on SL5.x, SL6.x i386/srpm/x86_64
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍

OpenVAS ID: 702966
OpenVAS Name: Debian Security Advisory DSA 2966-1 (samba – security update)
OpenVAS File: 🔍
OpenVAS Family: 🔍

Qualys ID: 🔍
Qualys Name: 🔍

Threat Intelligenceinfoedit

Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍Recommended: Upgrade
Status: 🔍

0-Day Time: 🔍

Upgrade: Samba 3.6.24/4.0.19/4.1.9
TippingPoint: 🔍

McAfee IPS: 🔍
McAfee IPS Version: 🔍

Fortigate IPS: 🔍

12/03/2013 🔍
06/12/2014 +191 days 🔍
06/23/2014 +11 days 🔍
06/23/2014 +0 days 🔍
06/23/2014 +0 days 🔍
06/23/2014 +0 days 🔍
06/24/2014 +1 days 🔍
07/02/2014 +8 days 🔍
07/10/2014 +8 days 🔍
03/17/2015 +250 days 🔍
04/10/2017 +755 days 🔍
08/01/2021 +1574 days 🔍Product: https://www.samba.org/

Advisory: Denial of service – CPU loop
Researcher: Stefan Cornelius
Status: Confirmed
Confirmation: 🔍

CVE: CVE-2014-0244 (🔍)
OVAL: 🔍

SecurityFocus: 68148 – Samba ‘nmbd’ NetBIOS Name Serives Daemon Denial of Service Vulnerability
Secunia: 59378 – SUSE update for samba, Less Critical
X-Force: 94058 – Samba sys_recvfrom denial of service, Medium Risk
SecurityTracker: 1030455 – Samba smbd and nmbd Processing Flaws Let Remote Users Deny Service
Vulnerability Center: 45105 – Samba 3.6.0 Through 4.1.8 Remote DoS via a Malformed UDP Packet, Low