CVE-2023-42669

MEDIUM

Samba >=4.0.0 <4.17.12 - Authenticated Denial of Service via rpcecho TestSleep Function

Title source: llm

Description

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs in the main RPC task.

References (11)

Core 11

Core References

Issue Tracking

https://bugzilla.samba.org/show_bug.cgi?id=15474

Vendor Advisory

https://www.samba.org/samba/security/CVE-2023-42669.html

Vendor Advisory

https://security.netapp.com/advisory/ntap-20231124-0002/

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2023:6209

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2023:6744

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2023:7371

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2023:7408

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2023:7464

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2023:7467

Third Party Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2023-42669

Issue Tracking issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2241884

Scores

CVSS v3 6.5

EPSS 0.0058

EPSS Percentile 69.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-400

Status published

Products (9)

redhat/enterprise_linux 8.0

redhat/enterprise_linux 9.0

redhat/enterprise_linux_eus 9.0

redhat/enterprise_linux_for_ibm_z_systems 9.0_s390x

redhat/enterprise_linux_for_ibm_z_systems_eus 9.0_s390x

redhat/enterprise_linux_for_power_little_endian 9.0_ppc64le

redhat/enterprise_linux_for_power_little_endian_eus 9.0_ppc64le

redhat/storage 3.0

samba/samba 4.0.0 - 4.17.12

Published Nov 06, 2023

Tracked Since Feb 18, 2026