CVE-2023-42669 (GCVE-0-2023-42669)

Vulnerability from cvelistv5 – Published: 2023-11-06 06:57 – Updated: 2025-11-20 18:28
Summary
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs in the main RPC task.
CWE
  • CWE-400 - Uncontrolled Resource Consumption
Assigner
  • redhat
Impacted products
Vendor Product Version
Affected: 4.0.0 , < 4.17.12 (semver)
Affected: 4.18.0 , < 4.18.8 (semver)
Affected: 4.19.0
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.6-2.el8_9 , < * (rpm)
    cpe:/o:redhat:enterprise_linux:8::baseos
    cpe:/a:redhat:enterprise_linux:8::appstream
    cpe:/a:redhat:enterprise_linux:8::crb
    Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:4.15.5-13.el8_6 , < * (rpm)
    cpe:/a:redhat:rhel_eus:8.6::appstream
    cpe:/o:redhat:rhev_hypervisor:4.4::el8
    cpe:/o:redhat:rhel_eus:8.6::baseos
    cpe:/a:redhat:rhel_eus:8.6::crb
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:4.17.5-4.el8_8 , < * (rpm)
    cpe:/a:redhat:rhel_eus:8.8::appstream
    cpe:/o:redhat:rhel_eus:8.8::baseos
    cpe:/a:redhat:rhel_eus:8.8::crb
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:4.18.6-101.el9_3 , < * (rpm)
    cpe:/o:redhat:enterprise_linux:9::baseos
    cpe:/a:redhat:enterprise_linux:9::resilientstorage
    cpe:/a:redhat:enterprise_linux:9::crb
    cpe:/a:redhat:enterprise_linux:9::appstream
    Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 0:4.15.5-111.el9_0 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.0::appstream
    cpe:/o:redhat:rhel_eus:9.0::baseos
    cpe:/a:redhat:rhel_eus:9.0::resilientstorage
    cpe:/a:redhat:rhel_eus:9.0::crb
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:4.17.5-104.el9_2 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.2::crb
    cpe:/a:redhat:rhel_eus:9.2::resilientstorage
    cpe:/o:redhat:rhel_eus:9.2::baseos
    cpe:/a:redhat:rhel_eus:9.2::appstream
    Red Hat Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Unaffected: 0:4.15.5-13.el8_6 , < * (rpm)
    cpe:/a:redhat:rhel_eus:8.6::appstream
    cpe:/o:redhat:rhev_hypervisor:4.4::el8
    cpe:/o:redhat:rhel_eus:8.6::baseos
    cpe:/a:redhat:rhel_eus:8.6::crb
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Red Hat Red Hat Storage 3     cpe:/a:redhat:storage:3

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-42669",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-30T14:56:59.417578Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-24T16:07:58.684Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:23:40.251Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2023:6209",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:6209"
          },
          {
            "name": "RHSA-2023:6744",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:6744"
          },
          {
            "name": "RHSA-2023:7371",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:7371"
          },
          {
            "name": "RHSA-2023:7408",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:7408"
          },
          {
            "name": "RHSA-2023:7464",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:7464"
          },
          {
            "name": "RHSA-2023:7467",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:7467"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-42669"
          },
          {
            "name": "RHBZ#2241884",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241884"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.samba.org/show_bug.cgi?id=15474"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231124-0002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2023-42669.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/samba-team/samba",
          "defaultStatus": "unaffected",
          "packageName": "samba",
          "versions": [
            {
              "lessThan": "4.17.12",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "4.18.8",
              "status": "affected",
              "version": "4.18.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "4.19.0"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/a:redhat:enterprise_linux:8::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.6-2.el8_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/a:redhat:enterprise_linux:8::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.6-2.el8_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.6::appstream",
            "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
            "cpe:/o:redhat:rhel_eus:8.6::baseos",
            "cpe:/a:redhat:rhel_eus:8.6::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.15.5-13.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.8::appstream",
            "cpe:/o:redhat:rhel_eus:8.8::baseos",
            "cpe:/a:redhat:rhel_eus:8.8::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.17.5-4.el8_8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::resilientstorage",
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.6-101.el9_3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::resilientstorage",
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.6-101.el9_3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.0::appstream",
            "cpe:/o:redhat:rhel_eus:9.0::baseos",
            "cpe:/a:redhat:rhel_eus:9.0::resilientstorage",
            "cpe:/a:redhat:rhel_eus:9.0::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.15.5-111.el9_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::crb",
            "cpe:/a:redhat:rhel_eus:9.2::resilientstorage",
            "cpe:/o:redhat:rhel_eus:9.2::baseos",
            "cpe:/a:redhat:rhel_eus:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.17.5-104.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.6::appstream",
            "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
            "cpe:/o:redhat:rhel_eus:8.6::baseos",
            "cpe:/a:redhat:rhel_eus:8.6::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.15.5-13.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "samba4",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:storage:3"
          ],
          "defaultStatus": "unknown",
          "packageName": "samba",
          "product": "Red Hat Storage 3",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2023-10-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Samba\u0027s \"rpcecho\" development server, a non-Windows RPC server used to test Samba\u0027s DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the \"rpcecho\" service operates with only one worker in the main RPC task, allowing calls to the \"rpcecho\" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a \"sleep()\" call in the \"dcesrv_echo_TestSleep()\" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the \"rpcecho\" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as \"rpcecho\" runs in the main RPC task."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T18:28:20.323Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2023:6209",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:6209"
        },
        {
          "name": "RHSA-2023:6744",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:6744"
        },
        {
          "name": "RHSA-2023:7371",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:7371"
        },
        {
          "name": "RHSA-2023:7408",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:7408"
        },
        {
          "name": "RHSA-2023:7464",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:7464"
        },
        {
          "name": "RHSA-2023:7467",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:7467"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-42669"
        },
        {
          "name": "RHBZ#2241884",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241884"
        },
        {
          "url": "https://bugzilla.samba.org/show_bug.cgi?id=15474"
        },
        {
          "url": "https://www.samba.org/samba/security/CVE-2023-42669.html"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-10-03T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-10-10T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Samba: \"rpcecho\" development server allows denial of service via sleep() call on ad dc",
      "workarounds": [
        {
          "lang": "en",
          "value": "To mitigate this vulnerability, disable rpcecho service on the AD DC by setting:\n~~~\ndcerpc endpoint servers = -rpcecho\n~~~"
        }
      ],
      "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-42669",
    "datePublished": "2023-11-06T06:57:28.981Z",
    "dateReserved": "2023-09-13T04:22:28.796Z",
    "dateUpdated": "2025-11-20T18:28:20.323Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}
\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.18.0\",\"versionEndExcluding\":\"4.18.8\",\"matchCriteriaId\":\"8A33312F-1523-4647-83DA-6DD6231906F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.19.0\",\"versionEndExcluding\":\"4.19.1\",\"matchCriteriaId\":\"DE496104-DDB5-4709-8026-C83E99B0C865\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"379A5883-F6DF-41F5-9403-8D17F6605737\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DDA3E5A-8754-4C48-9A27-E2415F8A6000\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB056B47-1F45-4CE4-81F6-872F66C24C29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CC06C2A-64A5-4302-B754-A4DC0E12FE7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62D3FD78-5B63-4A1B-B4EE-9B098844691E\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2023:6209\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:6744\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7371\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7408\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7464\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7467\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2023-42669\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2241884\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://bugzilla.samba.org/show_bug.cgi?id=15474\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.samba.org/samba/security/CVE-2023-42669.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:6209\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:6744\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7371\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7408\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7464\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7467\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2023-42669\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2241884\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://bugzilla.samba.org/show_bug.cgi?id=15474\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231124-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.samba.org/samba/security/CVE-2023-42669.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2023:6209\", \"name\": \"RHSA-2023:6209\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:6744\", \"name\": \"RHSA-2023:6744\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7371\", \"name\": \"RHSA-2023:7371\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7408\", \"name\": \"RHSA-2023:7408\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7464\", \"name\": \"RHSA-2023:7464\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7467\", \"name\": \"RHSA-2023:7467\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2023-42669\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2241884\", \"name\": \"RHBZ#2241884\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://bugzilla.samba.org/show_bug.cgi?id=15474\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231124-0002/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.samba.org/samba/security/CVE-2023-42669.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T19:23:40.251Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": 
\"CVE-2023-42669\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-30T14:56:59.417578Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-04-30T14:56:54.573Z\"}}], \"cna\": {\"title\": \"Samba: \\\"rpcecho\\\" development server allows denial of service via sleep() call on ad dc\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"versions\": [{\"status\": \"affected\", \"version\": \"4.0.0\", \"lessThan\": \"4.17.12\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"4.18.0\", \"lessThan\": \"4.18.8\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"4.19.0\"}], \"packageName\": \"samba\", \"collectionURL\": \"https://github.com/samba-team/samba\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8::baseos\", \"cpe:/a:redhat:enterprise_linux:8::appstream\", \"cpe:/a:redhat:enterprise_linux:8::crb\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.18.6-2.el8_9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"samba\", \"collectionURL\": 
\"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8::baseos\", \"cpe:/a:redhat:enterprise_linux:8::appstream\", \"cpe:/a:redhat:enterprise_linux:8::crb\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.18.6-2.el8_9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"samba\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:8.6::appstream\", \"cpe:/o:redhat:rhev_hypervisor:4.4::el8\", \"cpe:/o:redhat:rhel_eus:8.6::baseos\", \"cpe:/a:redhat:rhel_eus:8.6::crb\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.15.5-13.el8_6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"samba\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:8.8::appstream\", \"cpe:/o:redhat:rhel_eus:8.8::baseos\", \"cpe:/a:redhat:rhel_eus:8.8::crb\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.8 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.17.5-4.el8_8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"samba\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9::baseos\", \"cpe:/a:redhat:enterprise_linux:9::resilientstorage\", \"cpe:/a:redhat:enterprise_linux:9::crb\", \"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": 
\"0:4.18.6-101.el9_3\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"samba\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9::baseos\", \"cpe:/a:redhat:enterprise_linux:9::resilientstorage\", \"cpe:/a:redhat:enterprise_linux:9::crb\", \"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.18.6-101.el9_3\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"samba\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.0::appstream\", \"cpe:/o:redhat:rhel_eus:9.0::baseos\", \"cpe:/a:redhat:rhel_eus:9.0::resilientstorage\", \"cpe:/a:redhat:rhel_eus:9.0::crb\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.0 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.15.5-111.el9_0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"samba\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.2::crb\", \"cpe:/a:redhat:rhel_eus:9.2::resilientstorage\", \"cpe:/o:redhat:rhel_eus:9.2::baseos\", \"cpe:/a:redhat:rhel_eus:9.2::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.2 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.17.5-104.el9_2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"samba\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:8.6::appstream\", \"cpe:/o:redhat:rhev_hypervisor:4.4::el8\", 
\"cpe:/o:redhat:rhel_eus:8.6::baseos\", \"cpe:/a:redhat:rhel_eus:8.6::crb\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Virtualization 4 for Red Hat Enterprise Linux 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.15.5-13.el8_6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"samba\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 6\", \"packageName\": \"samba\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 6\", \"packageName\": \"samba4\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"packageName\": \"samba\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/a:redhat:storage:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Storage 3\", \"packageName\": \"samba\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-10-03T00:00:00+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2023-10-10T00:00:00+00:00\", \"value\": \"Made public.\"}], \"datePublic\": \"2023-10-10T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2023:6209\", \"name\": \"RHSA-2023:6209\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:6744\", \"name\": 
\"RHSA-2023:6744\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7371\", \"name\": \"RHSA-2023:7371\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7408\", \"name\": \"RHSA-2023:7408\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7464\", \"name\": \"RHSA-2023:7464\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7467\", \"name\": \"RHSA-2023:7467\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2023-42669\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2241884\", \"name\": \"RHBZ#2241884\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.samba.org/show_bug.cgi?id=15474\"}, {\"url\": \"https://www.samba.org/samba/security/CVE-2023-42669.html\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"To mitigate this vulnerability, disable rpcecho service on the AD DC by setting:\\n~~~\\ndcerpc endpoint servers = -rpcecho\\n~~~\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability was found in Samba\u0027s \\\"rpcecho\\\" development server, a non-Windows RPC server used to test Samba\u0027s DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the \\\"rpcecho\\\" service operates with only one worker in the main RPC task, allowing calls to the \\\"rpcecho\\\" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a \\\"sleep()\\\" call in the \\\"dcesrv_echo_TestSleep()\\\" function under specific conditions. 
Authenticated users or attackers can exploit this vulnerability to make calls to the \\\"rpcecho\\\" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as \\\"rpcecho\\\" runs in the main RPC task.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2025-11-20T18:28:20.323Z\"}, \"x_redhatCweChain\": \"CWE-400: Uncontrolled Resource Consumption\"}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-42669\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-20T18:28:20.323Z\", \"dateReserved\": \"2023-09-13T04:22:28.796Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2023-11-06T06:57:28.981Z\", \"assignerShortName\": \"redhat\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}




