Bug 878642 - (CVE-2014-0239) VUL-1: CVE-2014-0239: samba: DOS in DNS server packet handling
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Hardware: Other openSUSE 13.1
Priority: P3 - Medium
Severity: Normal
Assigned To: Lars Müller
QA Contact: Security Team bot
Reported: 2014-05-19 13:23 UTC by Sebastian Krahmer
Modified: 2016-02-05 09:54 UTC

Description Sebastian Krahmer 2014-05-19 13:23:50 UTC
EMBARGOED, via the Samba BZ.

(I don't have further info and cannot see the patch in their BZ.)
Comment 1 Marcus Meissner 2014-05-19 14:57:51 UTC
--- Comment #5 from Kai Blin <kai@samba.org> 2014-05-19 11:48:50 UTC ---
This patch should apply as-is to 4.0, 4.1 and master. 3.x does not include the
affected component.

=> So we probably only have it on 13.1, factory and SLES 12.
Comment 3 Lars Müller 2014-05-20 21:00:37 UTC
For openSUSE and SLE 12 we don't make use of source4/dns_server/dns_server.c

We'll either patch our source code or update to 4.1.8 nevertheless.
Comment 5 Marcus Meissner 2014-06-27 08:10:35 UTC
Only affects Samba 4.0.0 or later. So only openSUSE 13.1 affected.

SUSE Linux Enterprise 11 and older are not affected.
Comment 6 Marcus Meissner 2014-09-02 12:29:36 UTC
Was this fixed for 13.1?
Comment 7 David Disseldorp 2014-09-02 12:54:21 UTC
(In reply to comment #6)
> Was this fixed for 13.1?

Yes, samba-4.1.11 is currently available from the update channel. CVE-2014-3493 was fixed in upstream 4.1.9.

Also, as Lars mentioned in comment#3, we don't currently ship with Samba's internal DNS server enabled.
Comment 8 Tristan Ye 2016-02-05 03:44:24 UTC
Guys, can SLES 11SP1 also be affected by this issue?
Comment 9 James McDonough 2016-02-05 09:54:12 UTC
(In reply to Tristan Ye from comment #8)
> Guys, can SLES 11SP1 also be affected by this issue?

No, as there is no samba DNS server prior to 4.0.  SLE 11 versions all have something older.