{"api_version":"1","generated_at":"2026-04-17T09:17:37+00:00","cve":"CVE-2023-42669","urls":{"html":"https://cve.report/CVE-2023-42669","api":"https://cve.report/api/cve/CVE-2023-42669.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-42669","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-42669"},"summary":{"title":"CVE-2023-42669","description":"A vulnerability was found in Samba's \"rpcecho\" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the \"rpcecho\" service operates with only one worker in the main RPC task, allowing calls to the \"rpcecho\" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a \"sleep()\" call in the \"dcesrv_echo_TestSleep()\" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the \"rpcecho\" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as \"rpcecho\" runs in the main RPC task.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2023-11-06 07:15:00","updated_at":"2023-11-14 18:20:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2023-42669","name":"https://access.redhat.com/security/cve/CVE-2023-42669","refsource":"MISC","tags":[],"title":"cve-details","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241884","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2241884","refsource":"MISC","tags":[],"title":"2241884 – (CVE-2023-42669) CVE-2023-42669 samba: \"rpcecho\" development server allows denial of service via sleep() call on AD DC","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2023:6209","name":"https://access.redhat.com/errata/RHSA-2023:6209","refsource":"MISC","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2023:6744","name":"RHSA-2023:6744","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.samba.org/samba/security/CVE-2023-42669.html","name":"https://www.samba.org/samba/security/CVE-2023-42669.html","refsource":"MISC","tags":[],"title":"Samba - Security Announcement Archive","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.samba.org/show_bug.cgi?id=15474","name":"https://bugzilla.samba.org/show_bug.cgi?id=15474","refsource":"MISC","tags":[],"title":"15474 – (CVE-2023-42669) [SECURITY] CVE-2023-42669 rpcecho, enabled and running in AD DC, allows blocking sleep on request","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-42669","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42669","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"42669","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"42669","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"42669","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_eus","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"42669","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_ibm_z_systems","cpe6":"9.0_s390x","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"42669","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_ibm_z_systems_eus","cpe6":"9.0_s390x","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"42669","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_power_little_endian","cpe6":"9.0_ppc64le","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"42669","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_power_little_endian_eus","cpe6":"9.0_ppc64le","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"42669","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"storage","cpe6":"3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"42669","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"samba","cpe5":"samba","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-42669","qid":"161070","title":"Oracle Enterprise Linux Security Update for samba (ELSA-2023-6744)"},{"cve":"CVE-2023-42669","qid":"161196","title":"Oracle Enterprise Linux Security Update for samba (ELSA-2023-7467)"},{"cve":"CVE-2023-42669","qid":"199820","title":"Ubuntu Security Notification for Samba Vulnerabilities (USN-6425-1)"},{"cve":"CVE-2023-42669","qid":"199907","title":"Ubuntu Security Notification for Samba Vulnerabilities (USN-6425-3)"},{"cve":"CVE-2023-42669","qid":"242260","title":"Red Hat Update for samba (RHSA-2023:6209)"},{"cve":"CVE-2023-42669","qid":"242318","title":"Red Hat Update for samba (RHSA-2023:6744)"},{"cve":"CVE-2023-42669","qid":"242484","title":"Red Hat Update for samba (RHSA-2023:7408)"},{"cve":"CVE-2023-42669","qid":"242507","title":"Red Hat Update for samba (RHSA-2023:7467)"},{"cve":"CVE-2023-42669","qid":"242508","title":"Red Hat Update for samba (RHSA-2023:7464)"},{"cve":"CVE-2023-42669","qid":"242602","title":"Red Hat Update for samba (RHSA-2023:7371)"},{"cve":"CVE-2023-42669","qid":"284612","title":"Fedora Security Update for samba (FEDORA-2023-7eb8cbf1a5)"},{"cve":"CVE-2023-42669","qid":"284682","title":"Fedora Security Update for samba (FEDORA-2023-fff0c857d6)"},{"cve":"CVE-2023-42669","qid":"285191","title":"Fedora Security Update for samba (FEDORA-2023-8c9251e479)"},{"cve":"CVE-2023-42669","qid":"503395","title":"Alpine Linux Security Update for samba"},{"cve":"CVE-2023-42669","qid":"505937","title":"Alpine Linux Security Update for samba"},{"cve":"CVE-2023-42669","qid":"6000310","title":"Debian Security Update for samba (DSA 5525-1)"},{"cve":"CVE-2023-42669","qid":"673574","title":"EulerOS Security Update for samba (EulerOS-SA-2023-3286)"},{"cve":"CVE-2023-42669","qid":"673680","title":"EulerOS Security Update for samba (EulerOS-SA-2023-3258)"},{"cve":"CVE-2023-42669","qid":"710873","title":"Gentoo Linux Samba Multiple Vulnerabilities (GLSA 202402-28)"},{"cve":"CVE-2023-42669","qid":"755069","title":"SUSE Enterprise Linux Security Update for samba (SUSE-SU-2023:4046-1)"},{"cve":"CVE-2023-42669","qid":"755081","title":"SUSE Enterprise Linux Security Update for samba (SUSE-SU-2023:4059-1)"},{"cve":"CVE-2023-42669","qid":"755106","title":"SUSE Enterprise Linux Security Update for samba (SUSE-SU-2023:4096-1)"},{"cve":"CVE-2023-42669","qid":"941395","title":"AlmaLinux Security Update for samba (ALSA-2023:6744)"},{"cve":"CVE-2023-42669","qid":"941422","title":"AlmaLinux Security Update for samba (ALSA-2023:7467)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-42669","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A vulnerability was found in Samba's \"rpcecho\" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the \"rpcecho\" service operates with only one worker in the main RPC task, allowing calls to the \"rpcecho\" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a \"sleep()\" call in the \"dcesrv_echo_TestSleep()\" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the \"rpcecho\" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as \"rpcecho\" runs in the main RPC task."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Uncontrolled Resource Consumption","cweId":"CWE-400"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"samba","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"4.19.1","status":"unaffected"},{"version":"4.18.8","status":"unaffected"},{"version":"4.17.12","status":"unaffected"}]}}]}}]}},{"vendor_name":"Red Hat","product":{"product_data":[{"product_name":"Red Hat Enterprise Linux 9","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"0:4.18.6-101.el9_3","lessThan":"*","versionType":"rpm","status":"unaffected"}],"defaultStatus":"affected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"0:4.18.6-101.el9_3","lessThan":"*","versionType":"rpm","status":"unaffected"}],"defaultStatus":"affected"}}]}},{"product_name":"Red Hat Enterprise Linux 9.0 Extended Update Support","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"0:4.15.5-111.el9_0","lessThan":"*","versionType":"rpm","status":"unaffected"}],"defaultStatus":"affected"}}]}},{"product_name":"Red Hat Enterprise Linux 6","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unknown"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unknown"}}]}},{"product_name":"Red Hat Enterprise Linux 7","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unknown"}}]}},{"product_name":"Red Hat Enterprise Linux 8","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}},{"product_name":"Red Hat Storage 3","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}}]}},{"vendor_name":"Fedora","product":{"product_data":[{"product_name":"Fedora","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}}]}}]}},"references":{"reference_data":[{"url":"https://access.redhat.com/errata/RHSA-2023:6209","refsource":"MISC","name":"https://access.redhat.com/errata/RHSA-2023:6209"},{"url":"https://access.redhat.com/errata/RHSA-2023:6744","refsource":"MISC","name":"https://access.redhat.com/errata/RHSA-2023:6744"},{"url":"https://access.redhat.com/security/cve/CVE-2023-42669","refsource":"MISC","name":"https://access.redhat.com/security/cve/CVE-2023-42669"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241884","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2241884"},{"url":"https://bugzilla.samba.org/show_bug.cgi?id=15474","refsource":"MISC","name":"https://bugzilla.samba.org/show_bug.cgi?id=15474"},{"url":"https://www.samba.org/samba/security/CVE-2023-42669.html","refsource":"MISC","name":"https://www.samba.org/samba/security/CVE-2023-42669.html"}]},"work_around":[{"lang":"en","value":"To mitigate this vulnerability, disable rpcecho service on the AD DC by setting:\n~~~\ndcerpc endpoint servers = -rpcecho\n~~~"}],"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-11-06 07:15:00","lastModifiedDate":"2023-11-14 18:20:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.0","versionEndExcluding":"4.19.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18.0","versionEndExcluding":"4.18.8","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.17.12","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}