Related Vulnerabilities: CVE-2021-23192  

A security issue has been found in Samba versions 4.10.0 to 4.15.1. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.

Severity: Medium
Remote: Yes
Type: Insufficient validation

Group: AVG-2538, Package: samba, Affected: 4.15.1-1, Fixed: 4.15.2-1, Severity: Medium, Status: Fixed

https://www.samba.org/samba/security/CVE-2021-23192.html
https://www.samba.org/samba/ftp/patches/security/samba-4.15.1-security-2021-11-09.patch

Workaround
==========

Setting "dcesrv:max auth states=0" in the smb.conf will provide some mitigation against this issue.

There are no known problems with this change on an NT4 classic domain controller, domain member or standalone server.

However, it disables "Security Context Multiplexing" and may reopen https://bugzilla.samba.org/show_bug.cgi?id=11892, which means domain members running things like Cisco ISE or VMware View may no longer work. This applies only to Active Directory domain controllers.
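
The following added example (not part of the advisory or of Samba) checks smb.conf text for the workaround above and flags the case where the Security Context Multiplexing caveat applies. The function names and sample configurations are hypothetical, and the parser assumes a single file: it reads only the [global] section and does not follow include directives.

```python
import re

# Synonyms smb.conf accepts for the AD DC value of "server role"
AD_DC_ROLES = {"activedirectorydomaincontroller", "domaincontroller", "dc"}

def norm(name):
    # Samba matches parameter names ignoring case and whitespace
    return re.sub(r"\s+", "", name).lower()

def global_params(conf_text):
    """Collect [global] parameters from smb.conf text, keyed by normalized name."""
    params, section, pending = {}, None, ""
    for raw in conf_text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # value continued on the next line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()   # a later setting overrides an earlier one
    return params

def check_workaround(conf_text):
    """Report whether the workaround is set and whether the AD DC caveat applies."""
    params = global_params(conf_text)
    applied = params.get("dcesrv:maxauthstates") == "0"
    ad_dc = norm(params.get("serverrole", "auto")) in AD_DC_ROLES
    return {"workaround_set": applied, "ad_dc": ad_dc,
            "multiplexing_caveat": applied and ad_dc}

# Constructed sample configurations (not taken from any real host)
SAMPLE_DC = """
[global]
    server role = active directory domain controller
    DCESRV:Max Auth States = 0
"""
SAMPLE_MEMBER = """
[global]
    server role = member server
    ; dcesrv:max auth states = 0
[share]
    dcesrv:max auth states = 0
"""

if __name__ == "__main__":
    for name, conf in (("dc", SAMPLE_DC), ("member", SAMPLE_MEMBER)):
        print(name, check_workaround(conf))
```

A result with `multiplexing_caveat` set means the workaround is active on an Active Directory domain controller, so clients that depend on Security Context Multiplexing should be tested before relying on it.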