Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-42670

Good to know:

icon

Date: November 3, 2023

A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for example, NT4-emulation "classic DCs") can erroneously start and compete for the same unix domain sockets. This issue leads to partial query responses from the AD DC, causing issues such as "The procedure number is out of range" when using tools like Active Directory Users. This flaw allows an attacker to disrupt AD DC services.

Language: C

Severity Score

Related Resources (9)

https://access.redhat.com/security/cve/CVE-2023-42670
https://nvd.nist.gov/vuln/detail/CVE-2023-42670
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUMVALLFFDFC53JZMUWA6HPD7HUGAP5I/
https://bugzilla.redhat.com/show_bug.cgi?id=2241885
https://www.samba.org/samba/security/CVE-2023-42670.html
https://github.com/samba-team/samba/commit/2acdaf9860f127c179a3d2e2adb18f901854aebf
https://bugzilla.samba.org/show_bug.cgi?id=15473
https://security-tracker.debian.org/tracker/CVE-2023-42670
https://www.mend.io/vulnerability-database/CVE-2023-42670

Severity Score

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

Insufficient Information

NVD-CWE-noinfo

Top Fix

icon

Upgrade Version

Upgrade to version samba-4.17.12,samba-4.18.8,samba-4.19.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us