Severity |
|
Remote |
|
Type |
- |
Unknown |
+ |
Insufficient validation |
|
Description |
+ |
A security issue has been found in Samba versions 4.10.0 to 4.15.1. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements. |
|
References |
+ |
https://www.samba.org/samba/security/CVE-2021-23192.html |
+ |
https://www.samba.org/samba/ftp/patches/security/samba-4.15.1-security-2021-11-09.patch |
|
Notes |
+ |
Workaround |
+ |
========== |
+ |
|
+ |
Setting "dcesrv:max auth states=0" in the smb.conf will provide some mitigation against this issue. |
+ |
|
+ |
There are no known problems with this change as NT4 classic domain controller, domain member or standalone server. |
+ |
|
+ |
But it disables "Security Context Multiplexing" and may reopen https://bugzilla.samba.org/show_bug.cgi?id=11892. which means domain members running things like Cisco ISE or VMWare View may no longer work. This applies only to active directory domain controllers. |
|