Bug 878642 – VUL-1: CVE-2014-0239: samba: DOS in DNS server packet handling

Bug 878642 - (CVE-2014-0239) VUL-1: CVE-2014-0239: samba: DOS in DNS server packet handling

(CVE-2014-0239)
Summary:	VUL-1: CVE-2014-0239: samba: DOS in DNS server packet handling

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other openSUSE 13.1

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Lars Müller
QA Contact:	Security Team bot

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2014-05-19 13:23 UTC by Sebastian Krahmer
Modified:	2016-02-05 09:54 UTC (History)
CC List:	6 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sebastian Krahmer 2014-05-19 13:23:50 UTC

EMBARGOED, via the Samba BZ.

(I dont have further info and cannot see the patch in their BZ.)

Comment 1 Marcus Meissner 2014-05-19 14:57:51 UTC

--- Comment #5 from Kai Blin <kai@samba.org> 2014-05-19 11:48:50 UTC ---
This patch should apply as-is to 4.0, 4.1 and master. 3.x does not include the
affected component.


=> So we probably only have it on 13.1, factory and SLES 12.

Comment 3 Lars Müller 2014-05-20 21:00:37 UTC

For openSUSE and SLE 12 we don't make use of source4/dns_server/dns_server.c

We'll either patch our source code or update to 4.1.8 nevertheless.

Comment 5 Marcus Meissner 2014-06-27 08:10:35 UTC

only affects Samba 4.0.0 or later. So only openSUSE 13.1 affected.

SUSE Linux Enterprise 11 and older are not affected.

Comment 6 Marcus Meissner 2014-09-02 12:29:36 UTC

was this fixed for 13.1?

Comment 7 David Disseldorp 2014-09-02 12:54:21 UTC

(In reply to comment #6)
> was this fixed for 13.1?

Yes, samba-4.1.11 is currently available from the update channel. CVE-2014-3493 was fixed in upstream 4.1.9.

Also, as Lars mentioned in comment#3, we don't currently ship with Samba's internal DNS server enabled.

Comment 8 Tristan Ye 2016-02-05 03:44:24 UTC

Guys, can SLES 11SP1 also be affected by this issue?

Comment 9 James McDonough 2016-02-05 09:54:12 UTC

(In reply to Tristan Ye from comment #8)
> Guys, can SLES 11SP1 also be affected by this issue?

No, as there is no samba DNS server prior to 4.0.  SLE 11 versions all have something older.