CVE-2023-42669
Vulnerability from cvelistv5
Published
2023-11-06 06:57
Modified
2024-11-23 02:00
Summary
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs in the main RPC task.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:6209Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:6744Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7371
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7408
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7464
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7467
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2023-42669Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2241884Issue Tracking
secalert@redhat.comhttps://bugzilla.samba.org/show_bug.cgi?id=15474Issue Tracking
secalert@redhat.comhttps://www.samba.org/samba/security/CVE-2023-42669.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:6209Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:6744Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7371
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7408
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7464
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7467
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/security/cve/CVE-2023-42669Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=2241884Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.samba.org/show_bug.cgi?id=15474Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20231124-0002/
af854a3a-2127-422b-91ae-364da2661108https://www.samba.org/samba/security/CVE-2023-42669.htmlVendor Advisory
Impacted products
Vendor Product Version
Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.6-2.el8_9   < *
    cpe:/a:redhat:enterprise_linux:8::crb
    cpe:/o:redhat:enterprise_linux:8::baseos
    cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.6-2.el8_9   < *
    cpe:/a:redhat:enterprise_linux:8::crb
    cpe:/o:redhat:enterprise_linux:8::baseos
    cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:4.15.5-13.el8_6   < *
    cpe:/o:redhat:rhel_eus:8.6::baseos
    cpe:/o:redhat:rhev_hypervisor:4.4::el8
    cpe:/a:redhat:rhel_eus:8.6::crb
    cpe:/a:redhat:rhel_eus:8.6::appstream
Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:4.17.5-4.el8_8   < *
    cpe:/a:redhat:rhel_eus:8.8::crb
    cpe:/o:redhat:rhel_eus:8.8::baseos
    cpe:/a:redhat:rhel_eus:8.8::appstream
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:4.18.6-101.el9_3   < *
    cpe:/a:redhat:enterprise_linux:9::crb
    cpe:/a:redhat:enterprise_linux:9::resilientstorage
    cpe:/o:redhat:enterprise_linux:9::baseos
    cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:4.18.6-101.el9_3   < *
    cpe:/a:redhat:enterprise_linux:9::crb
    cpe:/a:redhat:enterprise_linux:9::resilientstorage
    cpe:/o:redhat:enterprise_linux:9::baseos
    cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 0:4.15.5-111.el9_0   < *
    cpe:/o:redhat:rhel_eus:9.0::baseos
    cpe:/a:redhat:rhel_eus:9.0::crb
    cpe:/a:redhat:rhel_eus:9.0::appstream
    cpe:/a:redhat:rhel_eus:9.0::resilientstorage
Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:4.17.5-104.el9_2   < *
    cpe:/o:redhat:rhel_eus:9.2::baseos
    cpe:/a:redhat:rhel_eus:9.2::appstream
    cpe:/a:redhat:rhel_eus:9.2::resilientstorage
    cpe:/a:redhat:rhel_eus:9.2::crb
Red Hat Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Unaffected: 0:4.15.5-13.el8_6   < *
    cpe:/o:redhat:rhel_eus:8.6::baseos
    cpe:/o:redhat:rhev_hypervisor:4.4::el8
    cpe:/a:redhat:rhel_eus:8.6::crb
    cpe:/a:redhat:rhel_eus:8.6::appstream
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Red Hat Red Hat Storage 3     cpe:/a:redhat:storage:3
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-42669",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-30T14:56:59.417578Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-24T16:07:58.684Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:23:40.251Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2023:6209",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:6209"
          },
          {
            "name": "RHSA-2023:6744",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:6744"
          },
          {
            "name": "RHSA-2023:7371",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:7371"
          },
          {
            "name": "RHSA-2023:7408",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:7408"
          },
          {
            "name": "RHSA-2023:7464",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:7464"
          },
          {
            "name": "RHSA-2023:7467",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:7467"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-42669"
          },
          {
            "name": "RHBZ#2241884",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241884"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.samba.org/show_bug.cgi?id=15474"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231124-0002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2023-42669.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/samba-team/samba",
          "defaultStatus": "unaffected",
          "packageName": "samba",
          "versions": [
            {
              "lessThan": "4.17.12",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "4.18.8",
              "status": "affected",
              "version": "4.18.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "4.19.0"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::crb",
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.6-2.el8_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::crb",
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.6-2.el8_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.6::baseos",
            "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
            "cpe:/a:redhat:rhel_eus:8.6::crb",
            "cpe:/a:redhat:rhel_eus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.15.5-13.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.8::crb",
            "cpe:/o:redhat:rhel_eus:8.8::baseos",
            "cpe:/a:redhat:rhel_eus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.17.5-4.el8_8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/a:redhat:enterprise_linux:9::resilientstorage",
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.6-101.el9_3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/a:redhat:enterprise_linux:9::resilientstorage",
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.6-101.el9_3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:9.0::baseos",
            "cpe:/a:redhat:rhel_eus:9.0::crb",
            "cpe:/a:redhat:rhel_eus:9.0::appstream",
            "cpe:/a:redhat:rhel_eus:9.0::resilientstorage"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.15.5-111.el9_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:9.2::baseos",
            "cpe:/a:redhat:rhel_eus:9.2::appstream",
            "cpe:/a:redhat:rhel_eus:9.2::resilientstorage",
            "cpe:/a:redhat:rhel_eus:9.2::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.17.5-104.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.6::baseos",
            "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
            "cpe:/a:redhat:rhel_eus:8.6::crb",
            "cpe:/a:redhat:rhel_eus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.15.5-13.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "samba4",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:storage:3"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Storage 3",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2023-10-10T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Samba\u0027s \"rpcecho\" development server, a non-Windows RPC server used to test Samba\u0027s DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the \"rpcecho\" service operates with only one worker in the main RPC task, allowing calls to the \"rpcecho\" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a \"sleep()\" call in the \"dcesrv_echo_TestSleep()\" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the \"rpcecho\" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as \"rpcecho\" runs in the main RPC task."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-23T02:00:58.239Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2023:6209",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:6209"
        },
        {
          "name": "RHSA-2023:6744",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:6744"
        },
        {
          "name": "RHSA-2023:7371",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:7371"
        },
        {
          "name": "RHSA-2023:7408",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:7408"
        },
        {
          "name": "RHSA-2023:7464",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:7464"
        },
        {
          "name": "RHSA-2023:7467",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:7467"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-42669"
        },
        {
          "name": "RHBZ#2241884",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241884"
        },
        {
          "url": "https://bugzilla.samba.org/show_bug.cgi?id=15474"
        },
        {
          "url": "https://www.samba.org/samba/security/CVE-2023-42669.html"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-10-03T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-10-10T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Samba: \"rpcecho\" development server allows denial of service via sleep() call on ad dc",
      "workarounds": [
        {
          "lang": "en",
          "value": "To mitigate this vulnerability, disable rpcecho service on the AD DC by setting:\n~~~\ndcerpc endpoint servers = -rpcecho\n~~~"
        }
      ],
      "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-42669",
    "datePublished": "2023-11-06T06:57:28.981Z",
    "dateReserved": "2023-09-13T04:22:28.796Z",
    "dateUpdated": "2024-11-23T02:00:58.239Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-42669\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2023-11-06T07:15:09.137\",\"lastModified\":\"2024-11-21T08:22:55.443\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was found in Samba\u0027s \\\"rpcecho\\\" development server, a non-Windows RPC server used to test Samba\u0027s DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the \\\"rpcecho\\\" service operates with only one worker in the main RPC task, allowing calls to the \\\"rpcecho\\\" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a \\\"sleep()\\\" call in the \\\"dcesrv_echo_TestSleep()\\\" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the \\\"rpcecho\\\" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as \\\"rpcecho\\\" runs in the main RPC task.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una vulnerabilidad en el servidor de desarrollo \\\"rpcecho\\\" de Samba, un servidor RPC que no es de Windows utilizado para probar los elementos de la pila DCE/RPC de Samba. Esta vulnerabilidad se debe a una funci\u00f3n RPC que puede bloquearse indefinidamente. El problema surge porque el servicio \\\"rpcecho\\\" opera con un solo trabajador en la tarea principal de RPC, lo que permite bloquear las llamadas al servidor \\\"rpcecho\\\" durante un tiempo espec\u00edfico, lo que provoca interrupciones en el servicio. Esta interrupci\u00f3n se desencadena mediante una llamada \\\"sleep()\\\" en la funci\u00f3n \\\"dcesrv_echo_TestSleep()\\\" bajo condiciones espec\u00edficas. Los usuarios autenticados o los atacantes pueden aprovechar esta vulnerabilidad para realizar llamadas al servidor \\\"rpcecho\\\", solicit\u00e1ndole que se bloquee durante un per\u00edodo espec\u00edfico, interrumpiendo efectivamente la mayor\u00eda de los servicios y provocando una denegaci\u00f3n completa de servicio en AD DC. La DoS afecta a todos los dem\u00e1s servicios ya que \\\"rpcecho\\\" se ejecuta en la tarea principal de RPC.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndExcluding\":\"4.17.12\",\"matchCriteriaId\":\"F1CC08E7-E96D-4475-ACB6-22CDF280913E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.18.0\",\"versionEndExcluding\":\"4.18.8\",\"matchCriteriaId\":\"8A33312F-1523-4647-83DA-6DD6231906F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.19.0\",\"versionEndExcluding\":\"4.19.1\",\"matchCriteriaId\":\"DE496104-DDB5-4709-8026-C83E99B0C865\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"379A5883-F6DF-41F5-9403-8D17F6605737\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DDA3E5A-8754-4C48-9A27-E2415F8A6000\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB056B47-1F45-4CE4-81F6-872F66C24C29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CC06C2A-64A5-4302-B754-A4DC0E12FE7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62D3FD78-5B63-4A1B-B4EE-9B098844691E\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2023:6209\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:6744\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7371\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7408\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7464\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7467\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2023-42669\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2241884\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://bugzilla.samba.org/show_bug.cgi?id=15474\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.samba.org/samba/security/CVE-2023-42669.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:6209\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:6744\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7371\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7408\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7464\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7467\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2023-42669\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2241884\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://bugzilla.samba.org/show_bug.cgi?id=15474\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231124-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.samba.org/samba/security/CVE-2023-42669.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.