CVE-2020-14303

7.5 HIGH

📋 TL;DR

This vulnerability allows any user to crash Samba's AD DC NBT server by sending an empty UDP packet, causing denial of service. It affects all Samba versions before 4.10.17, 4.11.11, and 4.12.4. Organizations running vulnerable Samba servers as Active Directory Domain Controllers are impacted.

💻 Affected Systems

Products:
  • Samba
Versions: All versions before 4.10.17, before 4.11.11, and before 4.12.4
Operating Systems: Linux, Unix-like systems running Samba
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Samba servers configured as Active Directory Domain Controllers (AD DC). Standalone file servers without AD DC role are not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete unavailability of Samba AD DC services, disrupting authentication, file sharing, and domain services for all dependent systems.

🟠 Likely Case

Service disruption requiring manual restart of Samba services, causing temporary authentication and file sharing outages.

🟢 If Mitigated

Minimal impact with proper network segmentation and monitoring allowing quick detection and service restoration.

🌐 Internet-Facing: HIGH - UDP packets can be sent from anywhere on the internet to exposed Samba servers, making them vulnerable to simple DoS attacks.
🏢 Internal Only: MEDIUM - Internal attackers or misconfigured systems could still trigger the crash, but requires network access to the Samba server.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only the ability to send UDP packets to port 137 (NetBIOS Name Service). No authentication or special tools needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Samba 4.10.17, 4.11.11, or 4.12.4 and later

Vendor Advisory: https://www.samba.org/samba/security/CVE-2020-14303.html

Restart Required: Yes

Instructions:

1. Update Samba packages using your distribution's package manager.
2. For Red Hat/CentOS: 'yum update samba'.
3. For Debian/Ubuntu: 'apt update && apt upgrade samba'.
4. Restart Samba services: 'systemctl restart smb nmb winbind'.

🔧 Temporary Workarounds

Block UDP port 137

Prevent external access to the vulnerable NetBIOS Name Service port

iptables -A INPUT -p udp --dport 137 -j DROP
firewall-cmd --permanent --add-rich-rule='rule protocol value="udp" port port="137" reject'
ufw deny 137/udp

Disable NBT server if not needed

Turn off NetBIOS over TCP/IP if not required for your environment

Edit /etc/samba/smb.conf and add: 'disable netbios = yes'
Then restart Samba: 'systemctl restart smb nmb'

🧯 If You Can't Patch

  • Implement strict network segmentation to limit access to Samba servers
  • Deploy network monitoring to detect and alert on suspicious UDP traffic to port 137

🔍 How to Verify

Check if Vulnerable:

Check the Samba version with 'smbd --version', 'rpm -q samba' or 'dpkg -l | grep samba'. If the version is below 4.10.17, 4.11.11, or 4.12.4 and the AD DC role is enabled, the system is vulnerable.

Check Version:

smbd --version | head -1

Verify Fix Applied:

Confirm the version is 4.10.17+, 4.11.11+, or 4.12.4+ and test by sending an empty UDP packet to port 137 (the service should not crash).
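The two conditions above (version below the branch's fixed release, and the AD DC role enabled) can be checked offline against the output of 'smbd --version' and the contents of smb.conf. The script below is an added example, not Samba project code; the banner and smb.conf text are constructed samples, and the accepted role aliases are assumed from smb.conf(5).

```python
import re

# Fixed releases per branch, from the advisory. Branches older than 4.10
# were end-of-life and never received the fix; 4.13+ shipped with it.
FIXED = {(4, 10): (4, 10, 17), (4, 11): (4, 11, 11), (4, 12): (4, 12, 4)}

# Constructed sample inputs (not captured from a real host).
SAMPLE_BANNER = "Version 4.11.6-Ubuntu"
SAMPLE_SMB_CONF = """[global]
    workgroup = EXAMPLE
    realm = EXAMPLE.LOCAL
    server role = active directory domain controller   # constructed sample
"""

def parse_version(banner):
    """Pull (major, minor, patch) out of the first line of `smbd --version`."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no Samba version found in %r" % banner)
    return tuple(int(x) for x in m.groups())

def version_vulnerable(ver):
    """Compare against the fixed release of the same minor branch."""
    branch = ver[:2]
    if branch < (4, 10):
        return True            # no fixed release exists for these branches
    fixed = FIXED.get(branch)
    if fixed is None:
        return False           # 4.13 and later include the fix
    return ver < fixed

def is_ad_dc(smb_conf):
    """True when [global] 'server role' selects the AD DC role, which is
    the only role that runs the affected NBT server."""
    for raw in smb_conf.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()  # drop comments
        m = re.match(r"server\s+role\s*=\s*(.+)$", line, re.I)
        if m:
            role = " ".join(m.group(1).lower().split())
            # Aliases assumed from smb.conf(5); classic NT4 PDC/BDC roles are not AD DCs.
            return role in ("active directory domain controller", "domain controller", "dc")
    return False

def assess(banner, smb_conf):
    """Returns 'vulnerable', 'patched' or 'not-ad-dc'. Distributions may
    backport the fix without changing the upstream version string, so
    treat 'vulnerable' as a prompt to check the package changelog."""
    if not is_ad_dc(smb_conf):
        return "not-ad-dc"
    return "vulnerable" if version_vulnerable(parse_version(banner)) else "patched"

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_SMB_CONF))   # → vulnerable
```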

📡 Detection & Monitoring

Log Indicators:

  • Samba service crashes in system logs
  • Unexpected Samba process termination
  • High volume of UDP packets to port 137 in firewall logs

Network Indicators:

  • Empty UDP packets to port 137
  • Sudden drop in Samba service availability

SIEM Query:

(source="samba.log" AND ("segmentation fault" OR "crash" OR "terminated")) OR (destination_port=137 AND protocol=udp AND packet_size=0)
