===========================================================
== Subject:     "rpcecho" development server allows Denial
==              of Service via sleep() call on AD DC
==
== CVE ID#:
==
== Versions:    All versions of Samba since Samba 4.0.0
==
== Summary:     Calls to the rpcecho server on the AD DC can
==              request that the server block for a
==              user-defined amount of time, denying service.
===========================================================

===========
Description
===========

Samba developers have built a non-Windows RPC server known as "rpcecho"
to test elements of the Samba DCE/RPC stack under their full control.

One RPC function provided by "rpcecho" can block, essentially
indefinitely, and because the "rpcecho" service is provided from the
main RPC task, which has only one worker, this denies essentially all
service on the AD DC.

To address this problem, the rpcecho server is removed from our
production binaries and is restricted to selftest builds only.

==================
Patch Availability
==================

Patches addressing this issue have been posted to:

    https://www.samba.org/samba/security/

Additionally, Samba $VERSIONS have been issued as security releases to
correct the defect. Samba administrators are advised to upgrade to
these releases or apply the patch as soon as possible.

==================
CVSSv3 calculation
==================

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (6.5)

==========
Workaround
==========

Setting "dcerpc endpoint servers = -rpcecho" will disable the rpcecho
service.

=======
Credits
=======

Originally reported by Andrew Bartlett of Catalyst and the Samba Team.

Patches provided by Andrew Bartlett of Catalyst and the Samba Team.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================
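As an added check, not part of the Samba advisory or of Samba's own code, the following Python reads a constructed smb.conf and reports whether rpcecho would still be served after the workaround. The default endpoint-server list and the "+"/"-" merge-against-default semantics are assumptions made here; confirm the live value on a DC with `testparm -s --parameter-name="dcerpc endpoint servers"`.

```python
import re

# Assumed default list for an AD DC; not taken from the advisory.
DEFAULT_ENDPOINT_SERVERS = [
    "epmapper", "wkssvc", "rpcecho", "samr", "netlogon", "lsarpc", "drsuapi",
    "dssetup", "unixinfo", "browser", "eventlog6", "backupkey", "dnsserver",
]

def global_parameter(smbconf_text, name):
    """Return the last value set for `name` in [global], or None if unset."""
    section, value = None, None
    want = name.lower().replace(" ", "")
    for raw in smbconf_text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, val = (s.strip() for s in line.split("=", 1))
        if key.lower().replace(" ", "") == want:
            value = val
    return value

def effective_endpoint_servers(smbconf_text):
    """Apply the assumed '+name'/'-name' merge against the default list."""
    value = global_parameter(smbconf_text, "dcerpc endpoint servers")
    if value is None:
        return list(DEFAULT_ENDPOINT_SERVERS)
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    if all(t[0] in "+-" for t in tokens):
        servers = list(DEFAULT_ENDPOINT_SERVERS)
        for t in tokens:
            if t[0] == "+" and t[1:] not in servers:
                servers.append(t[1:])
            elif t[0] == "-" and t[1:] in servers:
                servers.remove(t[1:])
        return servers
    return tokens  # an explicit list replaces the default entirely

def rpcecho_enabled(smbconf_text):
    return "rpcecho" in effective_endpoint_servers(smbconf_text)

# Constructed sample configurations: unchanged DC versus the workaround.
UNMITIGATED_CONF = "[global]\n    server role = active directory domain controller\n"
HARDENED_CONF = UNMITIGATED_CONF + "    dcerpc endpoint servers = -rpcecho\n"
```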