CVE-2023-42669

Name
CVE-2023-42669
Description
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs in the main RPC task.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://bugzilla.samba.org/show_bug.cgi?id=15474
MISC https://www.samba.org/samba/security/CVE-2023-42669.html
issue-tracking https://bugzilla.redhat.com/show_bug.cgi?id=2241884
vdb-entry https://access.redhat.com/security/cve/CVE-2023-42669
vendor-advisory https://access.redhat.com/errata/RHSA-2023:6209
vendor-advisory https://access.redhat.com/errata/RHSA-2023:6744
vendor-advisory https://access.redhat.com/errata/RHSA-2023:7371
vendor-advisory https://access.redhat.com/errata/RHSA-2023:7408
vendor-advisory https://access.redhat.com/errata/RHSA-2023:7464
vendor-advisory https://access.redhat.com/errata/RHSA-2023:7467
https://security.netapp.com/advisory/ntap-20231124-0002/

Match rules

CPE URI Source package Min version Max version
cpe:/a:redhat:enterprise_linux:8::crb shopxo >= 0:4.18.6-2.el8_9 < *
cpe:/a:redhat:rhel_eus:8.6::crb shopxo >= 0:4.15.5-13.el8_6 < *
cpe:/a:redhat:rhel_eus:8.8::crb shopxo >= 0:4.17.5-4.el8_8 < *
cpe:/a:redhat:enterprise_linux:9::resilientstorage shopxo >= 0:4.18.6-101.el9_3 < *
cpe:/a:redhat:rhel_eus:9.0::resilientstorage shopxo >= 0:4.15.5-111.el9_0 < *
cpe:/a:redhat:rhel_eus:9.2::appstream shopxo >= 0:4.17.5-104.el9_2 < *

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
samba edge-main 4.18.8-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
samba 3.22-main 4.18.8-r0 None fixed
samba 3.21-main 4.18.8-r0 None fixed
samba 3.20-main 4.18.8-r0 None fixed
samba 3.19-main 4.18.8-r0 None fixed
samba 3.18-main 4.18.8-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
samba 3.17-main 4.16.11-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable