Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

Low

Attack Vector

Network

0

CVE-2023-42669

Disclosure Date: November 06, 2023 •

CVE-2023-42669 CVSS v3 Base Score: 6.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A vulnerability was found in Samba’s “rpcecho” development server, a non-Windows RPC server used to test Samba’s DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the “rpcecho” service operates with only one worker in the main RPC task, allowing calls to the “rpcecho” server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a “sleep()” call in the “dcesrv_echo_TestSleep()” function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the “rpcecho” server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as “rpcecho” runs in the main RPC task.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

6.5 Medium

Impact Score:

3.6

Exploitability Score:

2.8

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

Vendors

redhat,
samba

Products

enterprise linux 8.0,
enterprise linux 9.0,
enterprise linux eus 9.0,
enterprise linux for ibm z systems 9.0 s390x,
enterprise linux for ibm z systems eus 9.0 s390x,
enterprise linux for power little endian 9.0 ppc64le,
enterprise linux for power little endian eus 9.0 ppc64le,
samba,
storage 3.0

References

Canonical

CVE-2023-42669 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42669)

Miscellaneous

https://access.redhat.com/errata/RHSA-2023:6209

https://access.redhat.com/security/cve/CVE-2023-42669

https://bugzilla.redhat.com/show_bug.cgi?id=2241884

https://bugzilla.samba.org/show_bug.cgi?id=15474

https://www.samba.org/samba/security/CVE-2023-42669.html

https://access.redhat.com/errata/RHSA-2023:6744

https://access.redhat.com/errata/RHSA-2023:7371

https://access.redhat.com/errata/RHSA-2023:7408

https://access.redhat.com/errata/RHSA-2023:7464

https://access.redhat.com/errata/RHSA-2023:7467

https://security.netapp.com/advisory/ntap-20231124-0002/

Rapid7

Technical Analysis