Bug 2241884 (CVE-2023-42669) - CVE-2023-42669 samba: "rpcecho" development server allows denial of service via sleep() call on AD DC
Summary: CVE-2023-42669 samba: "rpcecho" development server allows denial of service v...
Keywords:
Status: NEW
Alias: CVE-2023-42669
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2241916 2243229
Blocks: 2228383
TreeView+ depends on / blocked
 
Reported: 2023-10-03 07:34 UTC by TEJ RATHI
Modified: 2024-04-03 08:09 UTC (History)
5 users (show)

Fixed In Version: samba 4.19.1, samba 4.18.8, samba 4.17.12
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs in the main RPC task.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:6209 0 None None None 2023-10-31 10:05:15 UTC
Red Hat Product Errata RHSA-2023:6744 0 None None None 2023-11-07 10:08:18 UTC
Red Hat Product Errata RHSA-2023:7371 0 None None None 2023-11-21 11:17:34 UTC
Red Hat Product Errata RHSA-2023:7408 0 None None None 2023-11-21 11:42:39 UTC
Red Hat Product Errata RHSA-2023:7464 0 None None None 2023-11-22 17:27:16 UTC
Red Hat Product Errata RHSA-2023:7467 0 None None None 2023-11-22 17:29:48 UTC

Description TEJ RATHI 2023-10-03 07:34:37 UTC 
Calls to the rpcecho server on the AD DC can request that the server block for a user-defined amount of time, denying service. One RPC function provided by "rpcecho" can block, essentially indefinitely, and because the "rpcecho" service is provided from the main RPC task, which has only one worker, this denies essentially all service on the AD DC.

https://bugzilla.samba.org/show_bug.cgi?id=15474
Comment 2 TEJ RATHI 2023-10-11 10:43:33 UTC 
This CVE is now Public:
https://www.samba.org/samba/security/CVE-2023-42669.html
Comment 3 TEJ RATHI 2023-10-11 10:46:02 UTC 
Created samba tracking bugs for this issue:

Affects: fedora-all [bug 2243229]
Comment 4 errata-xmlrpc 2023-10-31 10:05:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:6209 https://access.redhat.com/errata/RHSA-2023:6209
Comment 5 errata-xmlrpc 2023-11-07 10:08:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:6744 https://access.redhat.com/errata/RHSA-2023:6744
Comment 6 errata-xmlrpc 2023-11-21 11:17:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2023:7371 https://access.redhat.com/errata/RHSA-2023:7371
Comment 7 errata-xmlrpc 2023-11-21 11:42:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:7408 https://access.redhat.com/errata/RHSA-2023:7408
Comment 8 errata-xmlrpc 2023-11-22 17:27:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2023:7464 https://access.redhat.com/errata/RHSA-2023:7464
Comment 9 errata-xmlrpc 2023-11-22 17:29:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7467 https://access.redhat.com/errata/RHSA-2023:7467
Note You need to log in before you can comment on or make changes to this bug.