Race condition

2023-07-2015:15:00

PRIOn knowledge base

www.prio-n.com

race condition

samba

spotlight

rpc service

infinite loop

vulnerability

unvalidated count field

network packet

denial of service

7.1 High

AI Score

Confidence

High

0.033 Low

EPSS

Percentile

91.4%

JSON

An infinite loop vulnerability was found in Samba’s mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.

CPENameOperatorVersion
debian_linuxeq11.0
debian_linuxeq12.0
fedoraeq37
fedoraeq38
enterprise_linuxeq8.0
enterprise_linuxeq9.0
sambage4.18.0
sambalt4.18.5
sambage4.17.0
sambalt4.17.10

Name	Operator	Version
debian_linux	eq	11.0
debian_linux	eq	12.0
fedora	eq	37
fedora	eq	38
enterprise_linux	eq	8.0
enterprise_linux	eq	9.0
samba	ge	4.18.0
samba	lt	4.18.5
samba	ge	4.17.0
samba	lt	4.17.10