CVE-2023-42669

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs in the main RPC task.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
redhatCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
VendorProductVersion
sambasamba
4.0.0 ≤
𝑥
< 4.17.12
sambasamba
4.18.0 ≤
𝑥
< 4.18.8
sambasamba
4.19.0 ≤
𝑥
< 4.19.1
redhatstorage
3.0
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
redhatenterprise_linux_eus
9.0
redhatenterprise_linux_for_ibm_z_systems
9.0_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
9.0_s390x:_s390x
redhatenterprise_linux_for_power_little_endian
9.0_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
9.0_ppc64le:_ppc64le
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
samba
bullseye (security)
vulnerable
bullseye
ignored
buster
ignored
bookworm
2:4.17.12+dfsg-0+deb12u1
fixed
bookworm (security)
2:4.17.12+dfsg-0+deb12u1
fixed
trixie
2:4.21.2+dfsg-4
fixed
sid
2:4.21.2+dfsg-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
samba
oracular
Fixed 2:4.18.6+dfsg-1ubuntu2.1
released
noble
Fixed 2:4.18.6+dfsg-1ubuntu2.1
released
mantic
Fixed 2:4.18.6+dfsg-1ubuntu2.1
released
lunar
Fixed 2:4.17.7+dfsg-1ubuntu2.3
released
jammy
Fixed 2:4.15.13+dfsg-0ubuntu1.5
released
focal
Fixed 2:4.15.13+dfsg-0ubuntu0.20.04.6
released
bionic
needs-triage
xenial
needs-triage
trusty
ignored
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2023:6209
https://access.redhat.com/errata/RHSA-2023:6744
https://access.redhat.com/errata/RHSA-2023:7371
https://access.redhat.com/errata/RHSA-2023:7408
https://access.redhat.com/errata/RHSA-2023:7464
https://access.redhat.com/errata/RHSA-2023:7467
https://access.redhat.com/security/cve/CVE-2023-42669
https://bugzilla.redhat.com/show_bug.cgi?id=2241884
https://bugzilla.samba.org/show_bug.cgi?id=15474
https://www.samba.org/samba/security/CVE-2023-42669.html
https://access.redhat.com/errata/RHSA-2023:6209
https://access.redhat.com/errata/RHSA-2023:6744
https://access.redhat.com/errata/RHSA-2023:7371
https://access.redhat.com/errata/RHSA-2023:7408
https://access.redhat.com/errata/RHSA-2023:7464
https://access.redhat.com/errata/RHSA-2023:7467
https://access.redhat.com/security/cve/CVE-2023-42669
https://bugzilla.redhat.com/show_bug.cgi?id=2241884
https://bugzilla.samba.org/show_bug.cgi?id=15474
https://security.netapp.com/advisory/ntap-20231124-0002/
https://www.samba.org/samba/security/CVE-2023-42669.html