| Field | Change | Content |
| --- | --- | --- |
| Severity | | |
| Remote | | |
| Type | - | Unknown |
| | + | Insufficient validation |
| Description | + | A security issue has been found in Samba versions 4.10.0 to 4.15.1. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements. |
| References | + | https://www.samba.org/samba/security/CVE-2021-23192.html |
| | + | https://www.samba.org/samba/ftp/patches/security/samba-4.15.1-security-2021-11-09.patch |
| Notes | + | Workaround |
| | + | Setting "dcesrv:max auth states=0" in smb.conf will provide some mitigation against this issue. |
| | + | There are no known problems with this change as an NT4 classic domain controller, domain member or standalone server. |
| | + | But it disables "Security Context Multiplexing" and may reopen https://bugzilla.samba.org/show_bug.cgi?id=11892, which means domain members running things like Cisco ISE or VMware View may no longer work. This applies only to Active Directory domain controllers. |
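
To audit whether the workaround from the notes is actually in effect, the following added example (not code from Samba or from this tracker) reads smb.conf text and reports the value of "dcesrv:max auth states". It assumes that only the [global] section counts, that option names compare without regard to case or whitespace, and that the last assignment wins; `include` directives are not followed, and the sample configurations are constructed.

```python
import re

PARAM = "dcesrv:max auth states"  # option name taken from the advisory's workaround

def _norm(name):
    # Assumption: names compare case-insensitively with whitespace ignored.
    return re.sub(r"\s+", "", name).lower()

def logical_lines(text):
    """Yield stripped smb.conf lines with trailing-backslash continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf

def max_auth_states(conf_text):
    """Return the last [global] value of the option as a string, or None if unset."""
    section, value = None, None
    for line in logical_lines(conf_text):
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(.*)\]", line)  # section header
        if m:
            section = _norm(m.group(1))
            continue
        key, sep, val = line.partition("=")
        if sep and section == "global" and _norm(key) == _norm(PARAM):
            value = val.strip()              # assumption: last assignment wins
    return value

def workaround_applied(conf_text):
    # The advisory's mitigation is the value 0; anything else counts as not applied.
    return max_auth_states(conf_text) == "0"

# Constructed sample configurations (not taken from any real host).
MITIGATED = "[global]\n  workgroup = EXAMPLE\n  DCESRV:Max Auth States = 0\n"
COMMENTED = "[global]\n  ; dcesrv:max auth states = 0\n"
WRONG_SECTION = "[global]\n  workgroup = EXAMPLE\n[share]\n  dcesrv:max auth states = 0\n"
OVERRIDDEN = "[global]\ndcesrv:max auth states = 0\ndcesrv:max auth states = 16\n"
```

A commented-out line, a setting placed in a share section, or a later assignment that overrides the 0 are all reported as not mitigated.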