CVE-2023-42669 Samba: "rpcecho" development server allows denial of service via sleep() call on ad dc

2023-11-0606:57:28

CWE-400

redhat

github.com

samba

rpcecho

denial of service

sleep() call

ad dc

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

A vulnerability was found in Samba’s “rpcecho” development server, a non-Windows RPC server used to test Samba’s DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the “rpcecho” service operates with only one worker in the main RPC task, allowing calls to the “rpcecho” server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a “sleep()” call in the “dcesrv_echo_TestSleep()” function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the “rpcecho” server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as “rpcecho” runs in the main RPC task.

CNA Affected

[
  {
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::crb",
      "cpe:/o:redhat:enterprise_linux:8::baseos",
      "cpe:/a:redhat:enterprise_linux:8::appstream"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:4.18.6-2.el8_9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "samba",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::crb",
      "cpe:/o:redhat:enterprise_linux:8::baseos",
      "cpe:/a:redhat:enterprise_linux:8::appstream"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:4.18.6-2.el8_9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "samba",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:rhel_eus:8.6::baseos",
      "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
      "cpe:/a:redhat:rhel_eus:8.6::appstream",
      "cpe:/a:redhat:rhel_eus:8.6::crb"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:4.15.5-13.el8_6",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "samba",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:rhel_eus:8.8::appstream",
      "cpe:/o:redhat:rhel_eus:8.8::baseos",
      "cpe:/a:redhat:rhel_eus:8.8::crb"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:4.17.5-4.el8_8",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "samba",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream",
      "cpe:/a:redhat:enterprise_linux:9::crb",
      "cpe:/a:redhat:enterprise_linux:9::resilientstorage",
      "cpe:/o:redhat:enterprise_linux:9::baseos"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:4.18.6-101.el9_3",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "samba",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream",
      "cpe:/a:redhat:enterprise_linux:9::crb",
      "cpe:/a:redhat:enterprise_linux:9::resilientstorage",
      "cpe:/o:redhat:enterprise_linux:9::baseos"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:4.18.6-101.el9_3",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "samba",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:rhel_eus:9.0::crb",
      "cpe:/a:redhat:rhel_eus:9.0::resilientstorage",
      "cpe:/o:redhat:rhel_eus:9.0::baseos",
      "cpe:/a:redhat:rhel_eus:9.0::appstream"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:4.15.5-111.el9_0",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "samba",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:rhel_eus:9.2::crb",
      "cpe:/a:redhat:rhel_eus:9.2::resilientstorage",
      "cpe:/a:redhat:rhel_eus:9.2::appstream",
      "cpe:/o:redhat:rhel_eus:9.2::baseos"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:4.17.5-104.el9_2",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "samba",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:rhel_eus:8.6::baseos",
      "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
      "cpe:/a:redhat:rhel_eus:8.6::appstream",
      "cpe:/a:redhat:rhel_eus:8.6::crb"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:4.15.5-13.el8_6",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "samba",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "packageName": "samba",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "packageName": "samba4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "packageName": "samba",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:/a:redhat:storage:3"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Storage 3",
    "packageName": "samba",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  }
]