Home > Vulnerability Database > CVE-2023-42669

Mend.io Vulnerability Database

CVE-2023-42669

Good to know:

Date: November 6, 2023

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs in the main RPC task.

Language: C

Severity Score

6.5

Related Resources (14)

Url: https://access.redhat.com/errata/RHSA-2023:6209

Url: https://access.redhat.com/errata/RHSA-2023:7408

Url: https://access.redhat.com/errata/RHSA-2023:6744

Url: https://security-tracker.debian.org/tracker/CVE-2023-42669

Url: https://access.redhat.com/errata/RHSA-2023:7371

Url: https://github.com/samba-team/samba/commit/5609c68aa5175a636dc3080676ebff36de1e971f

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-42669

Url: https://www.samba.org/samba/security/CVE-2023-42669.html

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2241884

Url: https://access.redhat.com/errata/RHSA-2023:7467

Url: https://bugzilla.samba.org/show_bug.cgi?id=15474

Url: https://access.redhat.com/errata/RHSA-2023:7464

Url: https://access.redhat.com/security/cve/CVE-2023-42669

Url: https://www.mend.io/vulnerability-database/CVE-2023-42669

Severity Score

6.5

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version samba-4.17.12,samba-4.18.8,samba-4.19.1

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-42669

Good to know:

Date: November 6, 2023

Language: C

Severity Score

Related Resources (14)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?