CVE-2023-42670
Samba vulnerability analysis and mitigation

Overview

CVE-2023-42670 is a vulnerability discovered in Samba that affects all versions since Samba 4.16. The vulnerability allows multiple incompatible RPC listeners to be initiated, causing disruptions in the Active Directory Domain Controller (AD DC) service. The issue was initially reported by Kirin van der Veer of Planet Innovation and diagnosed by Andrew Bartlett of Catalyst and the Samba Team (Samba Advisory).

Technical details

When Samba's RPC server is under high load or becomes unresponsive, RPC servers intended for non-AD DC roles (such as the NT4-emulation 'classic DC') can erroneously start and compete for the same Unix domain sockets. The result is that only some queries are answered by the AD DC, which manifests as 'The procedure number is out of range' errors in tools such as Active Directory Users and Computers. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD Database).

Impact

The vulnerability can lead to a denial of service condition in the AD DC services. When exploited, it causes some queries to be answered by the AD DC and some not, effectively disrupting normal AD DC operations and preventing proper service functionality (Samba Advisory).

Mitigation and workarounds

A temporary workaround is to set 'rpc start on demand helpers = no' in smb.conf, which disables the file-server-based RPC servers entirely. This is not recommended as a long-term solution, since those services are required. The permanent fix is available in Samba versions 4.19.1, 4.18.8, and 4.17.12, which have been issued as security releases to correct the defect (Samba Advisory).
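As an added check (not code from the advisory or the Samba project), the following Python compares an `smbd --version` string against the fixed releases listed above and inspects smb.conf for the workaround. The per-branch comparison and the treatment of the unlisted 4.16 branch as unfixed are assumptions derived from the release list; vendor packages that backport the fix without changing the upstream version string will not be recognised.

```python
import re
from typing import Optional

# Fixed upstream releases named in the advisory, keyed by release branch.
# Assumption: 4.16.x is affected but received no fix, since none is listed.
FIXED_IN = {(4, 17): (4, 17, 12), (4, 18): (4, 18, 8), (4, 19): (4, 19, 1)}
FIRST_AFFECTED = (4, 16, 0)

def parse_version(text: str) -> Optional[tuple]:
    """Pull (major, minor, patch) out of `smbd --version` output,
    e.g. 'Version 4.18.6-Ubuntu' -> (4, 18, 6)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(x) for x in m.groups()) if m else None

def is_affected(version_text: str) -> Optional[bool]:
    """True when the upstream version lies in the affected range; None if
    no version parses. Distro backports that keep the upstream version
    string are NOT detected here; check the vendor advisory for those."""
    v = parse_version(version_text)
    if v is None:
        return None
    if v < FIRST_AFFECTED:
        return False
    branch = v[:2]
    if branch in FIXED_IN:
        return v < FIXED_IN[branch]
    # 4.16 never got a fix; branches newer than 4.19 were cut after it.
    return branch < (4, 17)

def workaround_applied(smb_conf: str) -> bool:
    """True when [global] sets 'rpc start on demand helpers' to false.
    Samba ignores case and whitespace in parameter names, accepts
    no/false/0 as false, and the last occurrence of a parameter wins."""
    in_global, result = False, False
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # whole-line comments
            continue
        if line.startswith("["):
            in_global = line.lower() == "[global]"
            continue
        if in_global and "=" in line:
            key, _, val = line.partition("=")
            if re.sub(r"\s+", "", key).lower() == "rpcstartondemandhelpers":
                result = val.strip().lower() in ("no", "false", "0")
    return result

# Constructed sample: an unpatched 4.18 AD DC with the workaround in place.
SAMPLE_VERSION = "Version 4.18.6-Ubuntu"
SAMPLE_CONF = "[global]\n\tserver role = active directory domain controller\n" \
              "\trpc start on demand helpers = no\n"
```

On a live host, feed it the output of `smbd --version` and of `testparm -s` (which prints the effective configuration) instead of the constructed sample.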
