PT-2023-6231 · Samba+10

Andrew Bartlett · Published 2023-09-12 · Updated 2024-11-15 · CVE-2023-42669

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Samba (affected versions not specified)

Description

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test elements of Samba's DCE/RPC stack. One of its RPC functions can be made to block indefinitely, causing service disruptions: under specific conditions, the dcesrv_echo_TestSleep() function calls "sleep()". Authenticated users or attackers can exploit this by calling the "rpcecho" server and requesting that it block for a specified duration. Because "rpcecho" runs in the main RPC task, the blocked call affects all other services, disrupting most of them and leading to a complete denial of service on the AD DC.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Improper Resource Release

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALSA-2023:6744
ALSA-2023:7467
ALT-PU-2023-6448
ALT-PU-2023-7794
ALT-PU-2024-12484
ALT-PU-2024-14683
AZL-31940
AZL-37027
BDU:2023-06940
CESA-2023_7467
CVE-2023-42669
DSA-5525-1
ECHO-EC2C-9974-E837
MGASA-2023-0340
OESA-2023-1753
OESA-2023-1754
OESA-2023-1755
OESA-2023-1756
OESA-2023-1757
OPENSUSE-SU-2023_4046-1
OPENSUSE-SU-2023_4059-1
OPENSUSE-SU-2024:13332-1
RHSA-2023:6209
RHSA-2023:6744
RHSA-2023:7371
RHSA-2023:7408
RHSA-2023:7464
RHSA-2023:7467
RHSA-2023_6744
RHSA-2023_7467
SUSE-SU-2023:4046-1
SUSE-SU-2023:4059-1
SUSE-SU-2023:4096-1
USN-6425-1
USN-6425-2
USN-6425-3

Affected Products

Alt Linux
AlmaLinux
Astra Linux
CentOS
Debian
Linux Mint
Red Hat
RED OS
Samba
SUSE
Ubuntu