CVE-2023-42670Uncontrolled Resource Consumption in Samba

CWE-400Uncontrolled Resource Consumption9 documents8 sources
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 40.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SambaFedoraproject Fedora
Timeline
PublishedNov 3
Latest updateJan 15

Description

A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for example, NT4-emulation "classic DCs") can erroneously start and compete for the same unix domain sockets. This issue leads to partial query responses from the AD DC, causing issues such as "The procedure number is out of

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDsamba/samba4.18.04.18.8+2
Debiansamba/samba< 2:4.17.12+dfsg-0+deb12u1+2

Also affects: Fedora 39

🔴Vulnerability Details

3
CVEList
Samba: ad dc busy rpc multiple listener dos2023-11-03
OSV
CVE-2023-42670: A flaw was found in Samba2023-11-03
GHSA
GHSA-5qvm-gfmw-9v64: A flaw was found in Samba2023-11-03

📋Vendor Advisories

5
Oracle
Oracle Oracle JD Edwards Risk Matrix: E1 Dev Platform Tech - Cloud (Samba) — CVE-2023-426702026-01-15
Ubuntu
Samba vulnerabilities2023-10-17
Ubuntu
Samba vulnerabilities2023-10-10
Red Hat
samba: AD DC Busy RPC multiple listener DoS2023-10-10
Debian
CVE-2023-42670: samba - A flaw was found in Samba. It is susceptible to a vulnerability where multiple i...2023