CVE-2021-23192: 
Samba vulnerability analysis and mitigation

A vulnerability (CVE-2021-23192) was discovered in Samba's implementation of DCE/RPC affecting versions 4.10.0 and later. The flaw was identified in how Samba handles large DCE/RPC requests that are fragmented. This vulnerability affects Samba servers, with particular concern for systems running as Domain Controllers. For Active Directory domain controllers, this issue impacts Samba versions 4.10.0 and later, while for NT4 classic domain controllers, domain members, or standalone servers, the vulnerability affects versions 4.13.0 and later (Samba Security).

The vulnerability stems from how Samba processes fragmented DCE/RPC requests. While DCE/RPC is typically protected by the underlying SMB transport with features like SMB signing, large DCE/RPC payloads that are fragmented and transmitted over untrusted transports (such as TCP/IP or anonymous SMB) become vulnerable. The security checks on fragment protection were not properly implemented between the policy controls on the header and subsequent fragments. The vulnerability has been assigned a CVSS v3.1 score of 4.8 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) (Samba Security).

If exploited, an attacker could replace subsequent fragments in requests with their own data, potentially altering server behavior and bypassing signature requirements. This is particularly concerning for Samba installations running as Domain Controllers, given their role as centrally trusted services (Samba Security).

Patches have been released in Samba versions 4.15.2, 4.14.10, and 4.13.14. As a workaround, administrators can set 'dcesrv:max auth states=0' in the smb.conf, though this may affect functionality for domain members running services like Cisco ISE or VMWare View. For Active Directory domain controllers, this workaround might reopen issues related to Security Context Multiplexing (Samba Security).