CVE-2021-23192 - log back

CVE-2021-23192 edited at 09 Nov 2021 20:56:37
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Insufficient validation
Description
+ A security issue has been found in Samba versions 4.10.0 to 4.15.1. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.
References
+ https://www.samba.org/samba/security/CVE-2021-23192.html
+ https://www.samba.org/samba/ftp/patches/security/samba-4.15.1-security-2021-11-09.patch
Notes
+ Workaround
+ ==========
+
+ Setting "dcesrv:max auth states=0" in the smb.conf will provide some mitigation against this issue.
+
+ There are no known problems with this change as NT4 classic domain controller, domain member or standalone server.
+
+ But it disables "Security Context Multiplexing" and may reopen https://bugzilla.samba.org/show_bug.cgi?id=11892. which means domain members running things like Cisco ISE or VMWare View may no longer work. This applies only to active directory domain controllers.
CVE-2021-23192 created at 09 Nov 2021 20:36:10