ZDI-23-1227
Florent Saudel (@thalium_team)
Aug 25, 2023 - 12:00 a.m.

Samba Spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability

www.zerodayinitiative.com
samba
spotlight
rpc
infinite loop
dos
vulnerability
remote attackers
authentication
exploit
crafting
arguments
server

EPSS: 0.083
Percentile: 94.5%

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of Spotlight RPC arguments. Crafted arguments can force the server into an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the service.