The Samba-Bugzilla – Attachment 18145 Details for Bug 15473
[SECURITY] CVE-2023-42670 The procedure number is out of range when starting Active Directory Users and Computers
Updated advisory (v4) with fixed wording
CVE-2023-42670-busy-rpc-DoS-advisory-v4.txt (text/plain), 2.63 KB, created by Ralph Böhme on 2023-09-29 08:31:50 UTC
===========================================================
== Subject:     Samba AD DC Busy RPC multiple listener DoS
==
== CVE ID#:     CVE-2023-42670
==
== Versions:    All versions of Samba since Samba 4.16
==
== Summary:     Samba can be made to start multiple incompatible RPC
                listeners, disrupting service on the AD DC.
===========================================================

===========
Description
===========

Samba as an Active Directory DC operates RPC services from two
distinct parts of the codebase. Those services focused on the AD DC
are started in the main "samba" process, while services focused on the
fileserver and NT4-like DC are started from the new samba-dcerpcd,
which is launched on-demand from the fileserver (smbd) tasks.

When starting, samba-dcerpcd must first confirm which services not to
provide, so as to avoid duplicate listeners.

The issue in this advisory is that, when Samba's RPC server is under
load, or otherwise not responding, the servers NOT built for the
AD DC (eg built instead for the NT4-emulation "classic DCs") can be
incorrectly started, and compete to listen on the same unix domain
sockets.

This then results in some queries being answered by the AD DC, and
some not. This has been seen in production at multiple sites, as "The
procedure number is out of range" when starting the Active Directory
Users and Computers tool, however it can also be triggered maliciously,
to prevent service on the AD DC.

==================
Patch Availability
==================

Patches addressing both these issues have been posted to:

    https://www.samba.org/samba/security/

Additionally, Samba 4.19.1, 4.18.8 and 4.17.7 have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

==================
CVSSv3 calculation
==================

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (6.5)

==========
Workaround
==========

Setting "rpc start on demand helpers = no" in the smb.conf will
disable the file-server based RPC servers entirely. While used less
often, these services are required so this is not a long-term solution.

=======
Credits
=======

Originally reported by Kirin van der Veer of Planet Innovation and
diagnosed by Andrew Bartlett of Catalyst and the Samba Team.

Patches provided by Andrew Bartlett of Catalyst and the Samba Team.

Catalyst thanks Planet Innovation for supporting the production of
this security fix.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================
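An added example, not part of the advisory or of Samba: a small audit helper that classifies a host from its Samba version string and smb.conf text, using the fixed releases and the workaround named above. The function names are hypothetical; it assumes branches newer than 4.19 carry the fix and does not follow smb.conf "include" directives or backslash line continuations.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED = {(4, 19): 1, (4, 18): 8, (4, 17): 7}
FIRST_AFFECTED = (4, 16)
WORKAROUND = "rpcstartondemandhelpers"   # parameter name with whitespace removed
FALSE_VALUES = {"no", "false", "0", "off"}

def version_status(version):
    """Classify a version string such as '4.18.6' or 'Version 4.19.1-Debian'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = map(int, m.groups())
    branch = (major, minor)
    if branch < FIRST_AFFECTED:
        return "not affected"
    if branch in FIXED:
        return "fixed" if patch >= FIXED[branch] else "affected"
    if branch > max(FIXED):
        return "fixed"      # assumption: later branches carry the fix
    return "affected"       # 4.16.x: no fixed release listed in the advisory

def workaround_set(smb_conf_text):
    """True if [global] sets 'rpc start on demand helpers' to a false value."""
    section, disabled = None, False
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        name, sep, value = line.partition("=")
        # smb.conf parameter names ignore case and embedded whitespace
        key = "".join(name.split()).lower()
        if sep and section == "global" and key == WORKAROUND:
            disabled = value.strip().lower() in FALSE_VALUES   # last setting wins
    return disabled

def assess(version, smb_conf_text):
    """Combine both checks into one status string for reporting."""
    status = version_status(version)
    if status == "affected" and workaround_set(smb_conf_text):
        return "affected, workaround in place"
    return status
```

A host reported as "affected, workaround in place" still needs the upgrade, since the advisory describes the workaround as not a long-term solution.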
Flags: abartlet: review+