Vulnerability CVE-2023-34966: Information
Description
An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
samba | sisyphus | 4.17.10-alt1 | 4.20.1-alt2 | ALT-PU-2023-4523-1 | 324834 | Fixed |
samba | sisyphus_e2k | 4.17.10-alt1 | 4.20.1-alt1 | ALT-PU-2023-4546-1 | - | Fixed |
samba | sisyphus_riscv64 | 4.17.10-alt1 | 4.20.1-alt2 | ALT-PU-2023-4563-1 | - | Fixed |
samba | p10 | 4.16.11-alt2 | 4.19.6-alt2 | ALT-PU-2023-4520-2 | 325414 | Fixed |
samba | p10_e2k | 4.16.11-alt2 | 4.19.6-alt2 | ALT-PU-2023-4651-1 | - | Fixed |
samba | c10f1 | 4.16.11-alt2 | 4.16.11-alt2 | ALT-PU-2023-4522-2 | 325413 | Fixed |
samba | c9f2 | 4.16.11-alt0.c9.1 | 4.14.14-alt0.c9.1 | ALT-PU-2024-8329-1 | 334763 | In work |
samba | p11 | 4.17.10-alt1 | 4.20.1-alt1 | ALT-PU-2023-4523-1 | 324834 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2023-34966 | |
https://www.samba.org/samba/security/CVE-2023-34966 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2222793 | |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/ | |
https://security.netapp.com/advisory/ntap-20230731-0010/ | |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/ | |
https://www.debian.org/security/2023/dsa-5477 | |
RHSA-2023:6667 | |
RHSA-2023:7139 | |
RHSA-2024:0423 | |
RHSA-2024:0580 | |