CVE-2023-42670

Publication date 10 October 2023

Last updated 26 August 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

6.5 · Medium

Score breakdown

Description

A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for example, NT4-emulation "classic DCs") can erroneously start and compete for the same unix domain sockets. This issue leads to partial query responses from the AD DC, causing issues such as "The procedure number is out of range" when using tools like Active Directory Users. This flaw allows an attacker to disrupt AD DC services.

Read the notes from the security team

Status

Package Ubuntu Release Status
samba 23.10 mantic
Fixed 2:4.18.6+dfsg-1ubuntu2.1
23.04 lunar
Fixed 2:4.17.7+dfsg-1ubuntu2.3
22.04 LTS jammy
Fixed 2:4.15.13+dfsg-0ubuntu1.5
20.04 LTS focal
Not affected
18.04 LTS bionic
Not affected
16.04 LTS xenial
Not affected
14.04 LTS trusty
Not affected

Notes

mdeslaur

4.16+ only

Severity score breakdown

CVSS version: CVSS v3.0

Base score 6.5 · Medium

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

Related Ubuntu Security Notices (USN)

Other references

Access our resources on patching vulnerabilities