
Cloud Vulnerability DB
A community-led vulnerabilities database
An infinite loop vulnerability was discovered in Samba's mdssvc RPC service for Spotlight, identified as CVE-2023-34966. The vulnerability was found in all versions of Samba prior to 4.18.5, 4.17.10 and 4.16.11, and was publicly disclosed on July 20, 2023. The vulnerability affects the core unmarshalling function sl_unpack_loop() in Samba's Spotlight service (Samba Security).
The vulnerability exists in the parsing of Spotlight mdssvc RPC packets sent by the client. The core unmarshalling function sl_unpack_loop() fails to validate a field in the network packet that contains the count of elements in an array-like structure. When an attacker passes 0 as the count value, the function enters an endless loop consuming 100% CPU. This vulnerability only affects servers where Spotlight is explicitly enabled globally or on individual shares with 'spotlight = yes' (Samba Security). The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).
When successfully exploited, this vulnerability results in a denial of service (DoS) condition by causing the affected function to enter an infinite loop, consuming 100% CPU resources. The vulnerability can be triggered by an unauthenticated attacker by issuing a malformed RPC request (Samba Security).
The vulnerability has been fixed in Samba versions 4.18.5, 4.17.10, and 4.16.11. Administrators are advised to upgrade to these versions or apply the available patches. As a temporary workaround, administrators can disable Spotlight by removing all configuration stanzas that enable Spotlight (spotlight = yes|true) (Samba Security).
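To triage a host against the conditions above (unpatched version plus Spotlight enabled), the following added example, which is not code from Samba or from this page, checks a version string against the fixed releases and lists the smb.conf sections that turn Spotlight on. The function names and the sample configuration are constructed for illustration; it assumes branches newer than 4.18 carry the fix, also treats the boolean spellings `1` and `on` as true, and does not follow `include` directives.

```python
import re

# Fixed releases per branch, as listed in the advisory text above.
FIXED = {(4, 18): 5, (4, 17): 10, (4, 16): 11}
# Boolean spellings smb.conf treats as true (the page names yes and true).
TRUTHY = {"yes", "true", "1", "on"}

def version_is_patched(version: str) -> bool:
    """True if a 'major.minor.patch' Samba version has the CVE-2023-34966 fix."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised Samba version: {version!r}")
    major, minor, patch = map(int, m.groups())
    if (major, minor) in FIXED:
        return patch >= FIXED[(major, minor)]
    # Assumption: branches newer than 4.18 include the fix; older ones got none.
    return (major, minor) > max(FIXED)

def spotlight_sections(conf_text: str) -> list[str]:
    """Return the smb.conf sections that set 'spotlight' to a true value."""
    section, enabled = "global", {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        # Parameter names are case-insensitive and ignore embedded whitespace.
        if sep and "".join(key.split()).lower() == "spotlight":
            enabled[section] = value.strip().lower() in TRUTHY
    return [name for name, on in enabled.items() if on]

def exposed(version: str, conf_text: str) -> list[str]:
    """Sections reachable via the bug: Spotlight on and Samba unpatched."""
    return [] if version_is_patched(version) else spotlight_sections(conf_text)

# Constructed sample configuration, not taken from any real host.
SAMPLE_CONF = """
[global]
    workgroup = EXAMPLE
[media]
    Spotlight = Yes
[scratch]
    spotlight = no
"""
if __name__ == "__main__":
    print(exposed("4.17.9", SAMPLE_CONF))
```

A `global` entry in the result means Spotlight is on for every share that does not override it, so removing only per-share stanzas would not complete the workaround.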
Source: This report was generated using AI