Unrated severityOSV Advisory· Published Nov 6, 2023· Updated Nov 20, 2025
Samba: "rpcecho" development server allows denial of service via sleep() call on ad dc
CVE-2023-42669
Description
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs in the main RPC task.
Affected products
55- Range: ldb-1.1.0, ldb-1.1.10, ldb-1.1.11, …
- osv-coords54 versionspkg:deb/ubuntu/samba@2:4.18.6+dfsg-1ubuntu2.1?arch=source&distro=manticpkg:rpm/almalinux/ctdbpkg:rpm/almalinux/libnetapipkg:rpm/almalinux/libnetapi-develpkg:rpm/almalinux/libsmbclientpkg:rpm/almalinux/libsmbclient-develpkg:rpm/almalinux/libwbclientpkg:rpm/almalinux/libwbclient-develpkg:rpm/almalinux/python3-sambapkg:rpm/almalinux/python3-samba-dcpkg:rpm/almalinux/python3-samba-develpkg:rpm/almalinux/python3-samba-testpkg:rpm/almalinux/sambapkg:rpm/almalinux/samba-clientpkg:rpm/almalinux/samba-client-libspkg:rpm/almalinux/samba-commonpkg:rpm/almalinux/samba-common-libspkg:rpm/almalinux/samba-common-toolspkg:rpm/almalinux/samba-dcerpcpkg:rpm/almalinux/samba-dc-libspkg:rpm/almalinux/samba-develpkg:rpm/almalinux/samba-krb5-printingpkg:rpm/almalinux/samba-ldb-ldap-modulespkg:rpm/almalinux/samba-libspkg:rpm/almalinux/samba-pidlpkg:rpm/almalinux/samba-testpkg:rpm/almalinux/samba-test-libspkg:rpm/almalinux/samba-toolspkg:rpm/almalinux/samba-usersharespkg:rpm/almalinux/samba-vfs-iouringpkg:rpm/almalinux/samba-winbindpkg:rpm/almalinux/samba-winbind-clientspkg:rpm/almalinux/samba-winbind-krb5-locatorpkg:rpm/almalinux/samba-winbind-modulespkg:rpm/almalinux/samba-winexepkg:rpm/opensuse/samba&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/samba&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/samba&distro=openSUSE%20Tumbleweedpkg:rpm/suse/samba&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP3pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP4pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP5pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/samba&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/samba&distro=SUSE%20Manager%20Server%204.2
< 2:4.18.6+dfsg-1ubuntu2.1+ 53 more
- (no CPE)range: < 2:4.18.6+dfsg-1ubuntu2.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.18.6-101.el9_3.alma.1
- (no CPE)range: < 4.15.13+git.691.3d3cea0641-150400.3.31.1
- (no CPE)range: < 4.17.9+git.421.abde31ca5c2-150500.3.11.1
- (no CPE)range: < 4.19.1+git.312.c912b3d2ef6-1.1
- (no CPE)range: < 4.15.13+git.691.3d3cea0641-150300.3.63.1
- (no CPE)range: < 4.15.13+git.691.3d3cea0641-150300.3.63.1
- (no CPE)range: < 4.15.13+git.691.3d3cea0641-150400.3.31.1
- (no CPE)range: < 4.17.9+git.421.abde31ca5c2-150500.3.11.1
- (no CPE)range: < 4.15.13+git.691.3d3cea0641-150300.3.63.1
- (no CPE)range: < 4.15.13+git.691.3d3cea0641-150300.3.63.1
- (no CPE)range: < 4.15.13+git.691.3d3cea0641-150300.3.63.1
- (no CPE)range: < 4.15.13+git.691.3d3cea0641-150400.3.31.1
- (no CPE)range: < 4.15.13+git.691.3d3cea0641-150400.3.31.1
- (no CPE)range: < 4.17.9+git.421.abde31ca5c2-150500.3.11.1
- (no CPE)range: < 4.15.13+git.691.3d3cea0641-150400.3.31.1
- (no CPE)range: < 4.17.9+git.421.abde31ca5c2-150500.3.11.1
- (no CPE)range: < 4.15.13+git.691.3d3cea0641-150300.3.63.1
- (no CPE)range: < 4.15.13+git.691.3d3cea0641-150300.3.63.1
- (no CPE)range: < 4.15.13+git.691.3d3cea0641-150300.3.63.1
- (no CPE)range: < 4.15.13+git.691.3d3cea0641-150300.3.63.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- access.redhat.com/errata/RHSA-2023:6209mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2023:6744mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2023:7371mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2023:7408mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2023:7464mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2023:7467mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/security/cve/CVE-2023-42669mitrevdb-entryx_refsource_REDHAT
- bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
- bugzilla.samba.org/show_bug.cgimitre
- www.samba.org/samba/security/CVE-2023-42669.htmlmitre
News mentions
0No linked articles in our index yet.