Lucene search

[email protected]NVD:CVE-2023-42669

HistoryNov 06, 2023 - 7:15 a.m.

CVE-2023-42669

2023-11-0607:15:09

CWE-400

[email protected]

web.nvd.nist.gov

samba

rpcecho server

denial of service

vulnerability

authenticated users

disrupt services

ad dc

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

35.1%

JSON

A vulnerability was found in Samba’s “rpcecho” development server, a non-Windows RPC server used to test Samba’s DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the “rpcecho” service operates with only one worker in the main RPC task, allowing calls to the “rpcecho” server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a “sleep()” call in the “dcesrv_echo_TestSleep()” function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the “rpcecho” server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as “rpcecho” runs in the main RPC task.

Affected configurations

Nvd

Node

sambasambaRange4.0.0–4.17.12

sambasambaRange4.18.0–4.18.8

sambasambaRange4.19.0–4.19.1

Node

redhatstorageMatch3.0

redhatenterprise_linuxMatch8.0

redhatenterprise_linuxMatch9.0

redhatenterprise_linux_eusMatch9.0

redhatenterprise_linux_for_ibm_z_systemsMatch9.0_s390x

redhatenterprise_linux_for_ibm_z_systems_eusMatch9.0_s390x

redhatenterprise_linux_for_power_little_endianMatch9.0_ppc64le

redhatenterprise_linux_for_power_little_endian_eusMatch9.0_ppc64le

VendorProductVersionCPE
sambasamba*cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
redhatstorage3.0cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*
redhatenterprise_linux8.0cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
redhatenterprise_linux9.0cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
redhatenterprise_linux_eus9.0cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*
redhatenterprise_linux_for_ibm_z_systems9.0_s390xcpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
redhatenterprise_linux_for_ibm_z_systems_eus9.0_s390xcpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*
redhatenterprise_linux_for_power_little_endian9.0_ppc64lecpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
redhatenterprise_linux_for_power_little_endian_eus9.0_ppc64lecpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
samba	samba	*	cpe:2.3:a:samba:samba::::::::
redhat	storage	3.0	cpe:2.3:a:redhat:storage:3.0:::::::*
redhat	enterprise_linux	8.0	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
redhat	enterprise_linux	9.0	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
redhat	enterprise_linux_eus	9.0	cpe:2.3:o:redhat:enterprise_linux_eus:9.0:::::::*
redhat	enterprise_linux_for_ibm_z_systems	9.0_s390x	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:::::::*
redhat	enterprise_linux_for_ibm_z_systems_eus	9.0_s390x	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:::::::*
redhat	enterprise_linux_for_power_little_endian	9.0_ppc64le	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:::::::*
redhat	enterprise_linux_for_power_little_endian_eus	9.0_ppc64le	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:::::::*