CVE-2023-42669

CWE-400 — Uncontrolled Resource Consumption9 documents7 sources

Severity

6.5MEDIUM

EPSS

0.6%

top 31.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Samba Redhat Enterprise Linux Redhat Enterprise Linux EUS +5 more

Timeline

PublishedNov 6

Description

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDsamba/samba4.0.0 — 4.17.12+2

▶Debiansamba< 2:4.17.12+dfsg-0+deb12u1+2

▶NVDredhat/storage3.0

Also affects: Enterprise Linux 8.0, 9.0

🔴Vulnerability Details

CVEList

Samba: "rpcecho" development server allows denial of service via sleep() call on ad dc↗2023-11-06

▶

OSV

CVE-2023-42669: A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements↗2023-11-06

▶

GHSA

GHSA-8q58-8vm2-mf3q: A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements↗2023-11-06

▶

OSV

samba vulnerabilities↗2023-10-10

▶

📋Vendor Advisories

Ubuntu

Samba vulnerabilities↗2023-10-17

▶

Red Hat

samba: "rpcecho" development server allows denial of service via sleep() call on AD DC↗2023-10-10

▶

Ubuntu

Samba vulnerabilities↗2023-10-10

▶

Debian

CVE-2023-42669: samba - A vulnerability was found in Samba's "rpcecho" development server, a non-Windows...↗2023

▶