CVE-2023-42669: 
Samba vulnerability analysis and mitigation

A vulnerability was found in Samba's "rpcecho" development server (CVE-2023-42669), a non-Windows RPC server used to test Samba's DCE/RPC stack elements. The vulnerability was discovered and reported by Andrew Bartlett of Catalyst and the Samba Team. The issue affects all versions of Samba since version 4.0.0 up to versions 4.17.12, 4.18.8, and 4.19.1 (Samba Advisory).

The vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task. Under specific conditions, a fully-blocking sleep() call in the dcesrvechoTestSleep() function can be executed, causing service disruptions. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) with the vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD, Red Hat).

When exploited, authenticated users or attackers can make calls to the "rpcecho" server, requesting it to block for a specified duration. Since the rpcecho service runs in the main RPC task, this effectively disrupts most services and can lead to a complete denial of service on the AD DC (Samba Advisory).

To address this vulnerability, the rpcecho server has been removed from production binaries and is now restricted to selftest builds only. Additionally, administrators can set 'dcerpc endpoint servers = -rpcecho' to disable the rpcecho service on the AD DC. The issue has been fixed in Samba versions 4.19.1, 4.18.8, and 4.17.12 (Samba Advisory).