DoS Vulnerability in Samba

A known vulnerability in older versions of Samba has been exploited more than usual during the past week.

Threat ID:: CC-1140
Category:: DOS
Threat Severity:: Low
Threat Vector:
Published:: 2 February 2017 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

A known vulnerability in older versions of Samba has been exploited more than usual during the past week.

Affected platforms

The following platforms are known to be affected:

Samba

Samba versions 4.0.1 to 4.0.17

Threat details

Samba is an Open Source suite used to provide file and print services to Server Message Block (SMB)/Common Interface File System (CIFS) clients including Microsoft Windows OSs. Vulnerable versions of the software fail to check the reply flag of DNS packets which enables an attacker to obtain a spoofed reply. This can cause a ping-pong effect where two vulnerable servers enter a communication loop, effectively DoSing each other.

Remediation steps

Type	Step
	Ensure patches are applied in a timely manner.

Last edited: 17 February 2020 11:29 am