Signature Detail

DNS: Samba DNS Reply Flag Denial of Service

This signature detects attempts to exploit a known vulnerability in the Samba DNS Reply Flag. The server fails to check the reply flag of DNS packets, making it vulnerable to reply to a spoofed reply. This could result in a "ping-pong" type attack where two vulnerable servers attack each other. An attacker could exploit this vulnerability by sending a DNS query to a vulnerable server with a spoofed source IP address of another vulnerable server. Successful exploitation could result in excessive consumption of resources on both vulnerable servers, possibly causing a denial of service condition.

References

• CVE: CVE-2014-0239