CVE-2023-42669

{"id": "CVE-2023-42669", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2023-11-06T07:15:09.137", "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:6209", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2023:6744", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2023:7371", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2023:7408", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2023:7464", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2023:7467", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2023-42669", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241884", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.samba.org/show_bug.cgi?id=15474", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}, {"url": "https://security.netapp.com/advisory/ntap-20231124-0002/", "source": "secalert@redhat.com"}, {"url": "https://www.samba.org/samba/security/CVE-2023-42669.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Samba's \"rpcecho\" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the \"rpcecho\" service operates with only one worker in the main RPC task, allowing calls to the \"rpcecho\" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a \"sleep()\" call in the \"dcesrv_echo_TestSleep()\" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the \"rpcecho\" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as \"rpcecho\" runs in the main RPC task."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en el servidor de desarrollo \"rpcecho\" de Samba, un servidor RPC que no es de Windows utilizado para probar los elementos de la pila DCE/RPC de Samba. Esta vulnerabilidad se debe a una funci\u00f3n RPC que puede bloquearse indefinidamente. El problema surge porque el servicio \"rpcecho\" opera con un solo trabajador en la tarea principal de RPC, lo que permite bloquear las llamadas al servidor \"rpcecho\" durante un tiempo espec\u00edfico, lo que provoca interrupciones en el servicio. Esta interrupci\u00f3n se desencadena mediante una llamada \"sleep()\" en la funci\u00f3n \"dcesrv_echo_TestSleep()\" bajo condiciones espec\u00edficas. Los usuarios autenticados o los atacantes pueden aprovechar esta vulnerabilidad para realizar llamadas al servidor \"rpcecho\", solicit\u00e1ndole que se bloquee durante un per\u00edodo espec\u00edfico, interrumpiendo efectivamente la mayor\u00eda de los servicios y provocando una denegaci\u00f3n completa de servicio en AD DC. La DoS afecta a todos los dem\u00e1s servicios ya que \"rpcecho\" se ejecuta en la tarea principal de RPC."}], "lastModified": "2023-11-24T09:15:08.710", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1CC08E7-E96D-4475-ACB6-22CDF280913E", "versionEndExcluding": "4.17.12", "versionStartIncluding": "4.0.0"}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A33312F-1523-4647-83DA-6DD6231906F9", "versionEndExcluding": "4.18.8", "versionStartIncluding": "4.18.0"}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE496104-DDB5-4709-8026-C83E99B0C865", "versionEndExcluding": "4.19.1", "versionStartIncluding": "4.19.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "379A5883-F6DF-41F5-9403-8D17F6605737"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DDA3E5A-8754-4C48-9A27-E2415F8A6000"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB056B47-1F45-4CE4-81F6-872F66C24C29"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CC06C2A-64A5-4302-B754-A4DC0E12FE7C"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62D3FD78-5B63-4A1B-B4EE-9B098844691E"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}