CVE-2021-23192 log

Severity Medium
Remote Yes
Type Insufficient validation
A security issue has been found in Samba versions 4.10.0 to 4.15.1. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.
Group Package Affected Fixed Severity Status Ticket
AVG-2538 samba 4.15.1-1 4.15.2-1 Medium Fixed

Setting "dcesrv:max auth states=0" in the smb.conf will provide some mitigation against this issue.

There are no known problems with this change as NT4 classic domain controller, domain member or standalone server.

But it disables "Security Context Multiplexing" and may reopen which means domain members running things like Cisco ISE or VMWare View may no longer work. This applies only to active directory domain controllers.