|Type||Denial of service|
A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP and DNS paclets. This flaw allows a remote attacker could to cause the Samba server to consume excessive CPU use, resulting in a denial of service.
The vulnerable DNS server (port 53) and NBT server (port 139) is only provided when Samba runs as an Active Directory DC. The implementation provided by nmbd in the file-server configuration is not subject to this issue. In the AD DC, the NBT server can be disabled with 'disable netbios = yes'.