Short Name |
DNS:SAMBA-DNS-REPLY-FLAG-DOS |
---|---|
Severity |
Major |
Recommended |
No |
Category |
DNS |
Keywords |
Samba DNS Reply Flag Denial of Service |
Release Date |
2015/06/12 |
Update Number |
2504 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in the Samba DNS Reply Flag. The server fails to check the reply flag of DNS packets, making it vulnerable to reply to a spoofed reply. This could result in a "ping-pong" type attack where two vulnerable servers attack each other. An attacker could exploit this vulnerability by sending a DNS query to a vulnerable server with a spoofed source IP address of another vulnerable server. Successful exploitation could result in excessive consumption of resources on both vulnerable servers, possibly causing a denial of service condition.
The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103.