CVE-2023-42669

EPSS 0.58%
Published 06.11.2023 07:15:09
Last modified 21.11.2024 08:22:55
Source secalert@redhat.com
Teams watchlist Login
Open Login

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs in the main RPC task.

Affected products Warnungen 0 Metrics 3 CWE 1 References 14

Data is provided by the National Vulnerability Database (NVD)

Samba ≫ Samba Version >= 4.0.0 < 4.17.12

Samba ≫ Samba Version >= 4.18.0 < 4.18.8

Samba ≫ Samba Version >= 4.19.0 < 4.19.1

Redhat ≫ Storage Version3.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Redhat ≫ Enterprise Linux Eus Version9.0

Redhat ≫ Enterprise Linux For Ibm Z Systems Version9.0_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version9.0_s390x

Redhat ≫ Enterprise Linux For Power Little Endian Version9.0_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version9.0_ppc64le

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.58%	0.675

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
secalert@redhat.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://security.netapp.com/advisory/ntap-20231124-0002/

https://access.redhat.com/errata/RHSA-2023:6209

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:6744

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7371

https://access.redhat.com/errata/RHSA-2023:7408

https://access.redhat.com/errata/RHSA-2023:7464

https://access.redhat.com/errata/RHSA-2023:7467

https://access.redhat.com/security/cve/CVE-2023-42669

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2241884