Bugzilla – Bug 1215905
VUL-0: CVE-2023-42669: samba: rpcecho, enabled and running in AD DC, allows blocking sleep on request
Last modified: 2023-11-23 04:15:28 UTC
https://www.samba.org/samba/security/CVE-2023-42669.html CVE-2023-42669.html: =========================================================== == Subject: "rpcecho" development server allows Denial of Service via sleep() call on AD DC == == CVE ID#: CVE-2023-42669 == == Versions: All versions of Samba since Samba 4.0.0 == == Summary: Calls to the rpcecho server on the AD DC can request that the server block for a user-defined amount of time, denying service. =========================================================== =========== Description =========== Samba developers have built a non-Windows RPC server known as "rpcecho" to test elements of the Samba DCE/RPC stack under their full control. One RPC function provided by "rpcecho" can block, essentially indefinitely, and because the "rpcecho" service is provided from the main RPC task, which has only one worker, this denies essentially all service on the AD DC. To address this problem, the rpcecho server is removed from our production binaries and is restricted to selftest builds only. ================== Patch Availability ================== Patches addressing both these issues have been posted to: https://www.samba.org/samba/security/ Additionally, Samba 4.19.1, 4.18.8 and 4.17.12 have been issued as security releases to correct the defect. Samba administrators are advised to upgrade to these releases or apply the patch as soon as possible. ================== CVSSv3 calculation ================== CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (6.5) ========== Workaround ========== Setting "dcerpc endpoint servers = -rpcecho" will disable the rpcecho service on the AD DC. ======= Credits ======= Originally reported by Andrew Bartlett of Catalyst and the Samba Team. Patches provided by Andrew Bartlett of Catalyst and the Samba Team. Catalyst thanks Planet Innovation for supporting the production of this security fix. ========================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ==========================================================
SUSE-SU-2023:4046-1: An update that solves five vulnerabilities can now be installed. Category: security (important) Bug References: 1215904, 1215905, 1215906, 1215907, 1215908 CVE References: CVE-2023-3961, CVE-2023-4091, CVE-2023-4154, CVE-2023-42669, CVE-2023-42670 Sources used: openSUSE Leap 15.5 (src): samba-4.17.9+git.421.abde31ca5c2-150500.3.11.1 SUSE Linux Enterprise Micro 5.5 (src): samba-4.17.9+git.421.abde31ca5c2-150500.3.11.1 Basesystem Module 15-SP5 (src): samba-4.17.9+git.421.abde31ca5c2-150500.3.11.1 SUSE Linux Enterprise High Availability Extension 15 SP5 (src): samba-4.17.9+git.421.abde31ca5c2-150500.3.11.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4059-1: An update that solves three vulnerabilities and has one security fix can now be installed. Category: security (important) Bug References: 1213940, 1215904, 1215905, 1215908 CVE References: CVE-2023-4091, CVE-2023-4154, CVE-2023-42669 Sources used: openSUSE Leap 15.4 (src): samba-4.15.13+git.691.3d3cea0641-150400.3.31.1 SUSE Linux Enterprise Micro for Rancher 5.3 (src): samba-4.15.13+git.691.3d3cea0641-150400.3.31.1 SUSE Linux Enterprise Micro 5.3 (src): samba-4.15.13+git.691.3d3cea0641-150400.3.31.1 SUSE Linux Enterprise Micro for Rancher 5.4 (src): samba-4.15.13+git.691.3d3cea0641-150400.3.31.1 SUSE Linux Enterprise Micro 5.4 (src): samba-4.15.13+git.691.3d3cea0641-150400.3.31.1 Basesystem Module 15-SP4 (src): samba-4.15.13+git.691.3d3cea0641-150400.3.31.1 SUSE Linux Enterprise High Availability Extension 15 SP4 (src): samba-4.15.13+git.691.3d3cea0641-150400.3.31.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4096-1: An update that solves three vulnerabilities can now be installed. Category: security (important) Bug References: 1215904, 1215905, 1215908 CVE References: CVE-2023-4091, CVE-2023-4154, CVE-2023-42669 Sources used: SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): samba-4.15.13+git.691.3d3cea0641-150300.3.63.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): samba-4.15.13+git.691.3d3cea0641-150300.3.63.1 SUSE Manager Proxy 4.2 (src): samba-4.15.13+git.691.3d3cea0641-150300.3.63.1 SUSE Manager Retail Branch Server 4.2 (src): samba-4.15.13+git.691.3d3cea0641-150300.3.63.1 SUSE Manager Server 4.2 (src): samba-4.15.13+git.691.3d3cea0641-150300.3.63.1 SUSE Enterprise Storage 7.1 (src): samba-4.15.13+git.691.3d3cea0641-150300.3.63.1 SUSE Linux Enterprise Micro 5.2 (src): samba-4.15.13+git.691.3d3cea0641-150300.3.63.1 SUSE Linux Enterprise Micro for Rancher 5.2 (src): samba-4.15.13+git.691.3d3cea0641-150300.3.63.1 SUSE Linux Enterprise High Availability Extension 15 SP3 (src): samba-4.15.13+git.691.3d3cea0641-150300.3.63.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): samba-4.15.13+git.691.3d3cea0641-150300.3.63.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): samba-4.15.13+git.691.3d3cea0641-150300.3.63.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.