From patchwork Tue Dec 26 09:46:55 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Polampalli, Archana" X-Patchwork-Id: 36930 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1FA5CC46CD3 for ; Tue, 26 Dec 2023 09:47:11 +0000 (UTC) Received: from mx0a-0064b401.pphosted.com (mx0a-0064b401.pphosted.com [205.220.166.238]) by mx.groups.io with SMTP id smtpd.web11.78494.1703584021315012223 for ; Tue, 26 Dec 2023 01:47:01 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=PnxDUCdG; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.166.238, mailfrom: prvs=07249f857e=archana.polampalli@windriver.com) Received: from pps.filterd (m0250809.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 3BQ9b1Wv002359 for ; Tue, 26 Dec 2023 01:47:01 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=from:to:subject:date:message-id:content-type:mime-version; s= PPS06212021; bh=LN0o7CkrhmyvJIv4Hnf770R2jQeT9qH9H9tbTg3M2Vw=; b= PnxDUCdGp2oIEBk1DpBTmCEqDv4x/mfIGFpqmgINt8KkXro+eTDk8w578laGx69B dHwGKRgHXFz4L5WncOnIRYffo6nbo1xhOqlr3+Mb8tVRp+BtvLiONCeSPwaxcex5 EHhAw0Ml6Z1zoCn/Y0QwyeT+C/yhP+z82U9fQJ5LYzc0ySWMLuK/mkD5WpNVICBQ FmAin6uLkb46bb8/vG1EqrKLPizhHrlxtmETH/dvj52QZE0nHSL0iQqSzR2Fh9mr 7QCW1x+m/tuD4YsVyo9gh8So+EJLlxBg7zuNstsfMlMZ6L4bBHn/Tf40pqPrFdiH I6LBWWZ5ORQDEL4RhH3JoA== Received: from nam10-mw2-obe.outbound.protection.outlook.com (mail-mw2nam10lp2100.outbound.protection.outlook.com [104.47.55.100]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 3v5yxm1wsm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 26 Dec 2023 01:47:00 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=iZT7ai54oSyxu5JUg015pc22VijzM1cA3j3L47y1berQRPNoqO3YjsluFVsg/eUPR55081ZqBYcPy1cwppzFvNa2HHhK8oBlM/xGgZwuEQCosPz7TG/mqbF292MplJ664m4LGJfqiU8lYU2e0OXV5qEbxfTDr2Gyea1STrAQpKwGjIrK1H41GyiUQZ1WO1h+y1pic1hY+rfeEoG/tsbTb0a2iNiGwx/Y3BGwGJ9HfMi7yk+o62d1KTcZG9uDxligI8xwxd/h6O+akcxKAjE5NawdObPeaqbHVKLaYlfTyln573oF/7/mpEZf6et22ufKACXGJupdjtJAUVJ+XFLdqA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=LN0o7CkrhmyvJIv4Hnf770R2jQeT9qH9H9tbTg3M2Vw=; b=LnHexPPMSXq4ZG/lK7Qa8jO91VDtccgf4u8uwBtdH+afwbcc8ceLldkYXpEleU3PKvPfmti3CHloqjVKT/niXeCR5a/zsYitlR8sqlyOboaWFQwLrarZ39p2VdxR5rjSqdwO/GgGvYLRHORV/h8eHmcOM3zh8VSFbbSGx0QUb0tpVRcRFbNM7pbPmD/holERJGiqx/j1YySWAr3YgLVYbga4jUyTDmxMIJNDWIgQhblPx3DLgLNDOGZD4MtekNWUEUiosm2WvCtUnRV5Oa8vrIAFUEc45FRbuojPyo72ZIhE9dJG8CIz0rf7NxsOrTEhJdxi3pBw8RA3lXLCcQUxlw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from MW4PR11MB5822.namprd11.prod.outlook.com (2603:10b6:303:185::9) by PH7PR11MB5982.namprd11.prod.outlook.com (2603:10b6:510:1e1::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7113.27; Tue, 26 Dec 2023 09:46:56 +0000 Received: from MW4PR11MB5822.namprd11.prod.outlook.com ([fe80::d836:9049:e781:2391]) by MW4PR11MB5822.namprd11.prod.outlook.com ([fe80::d836:9049:e781:2391%5]) with mapi id 15.20.7113.027; Tue, 26 Dec 2023 09:46:56 +0000 From: "Polampalli, Archana" To: "openembedded-devel@lists.openembedded.org" Subject: [oe][meta-networking][kirkstone][PATCH 2/2] samba: fix CVE-2023-42669 Thread-Topic: [oe][meta-networking][kirkstone][PATCH 2/2] samba: fix CVE-2023-42669 Thread-Index: AQHaN94FAFstaS9YV0OLRavlKSde3A== Date: Tue, 26 Dec 2023 09:46:55 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MW4PR11MB5822:EE_|PH7PR11MB5982:EE_ x-ms-office365-filtering-correlation-id: d1eff985-8f2b-4ef8-7fe5-08dc05f798aa x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: /Mn66KX1bVhnLG/X45sOo4R8cjM7lKXzt3OyCZ08lQyvx4kQeApGlhEyEbT8+RB1Gog+WAyrIki9cfOUPrPbjguYNP8oYA0/gF1p2g7vA+ww0vkeI89IJr8N0YOH6jb+BuJkEtYSARfKNi0ceESwRv3C652kLRj5D8+fDsj/I150sM877Y5iKEuhnggP6hnqDYNi+qTpyKC8C03pitHej09EoSvWMhOFGpTD1XAvqDrshTC56uwsfeR2WexrPjmdKjjybzXN3Cy11+hp6b87Znl5L4h+1Tjq2nOLiIPXl14YryUJUJNHbfvS/iXWcZ6EXo30PXHhPKL9VIfeGog1NhpccOpWXX08EzjkQ0GH0ON+LxeV2AUlTbB8u79bDcUt92QRdAAOUurGPuD7fF0aPe0DiLxuE/0cuYOrs4FCW3/pQqOhe0h0laUYxQ/pghoBxnvro2PbgKMZngTGTHSZBsXNSG1eVeKAsp3cMH9mPEwoC8j6WibgQcBmSLeSGv95VzxVzITPuxYf2Z3+EDM+HnaG0IVvc2cVEFlfTwGRiHU8ZWbQHfcvUrL0w+4W7cwvRdoxRJo0pmwzLBVh2kboEf4XMd+mba3sbFXq1VjJcEU= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR11MB5822.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(396003)(346002)(136003)(39850400004)(366004)(376002)(230922051799003)(451199024)(186009)(64100799003)(1800799012)(33656002)(6916009)(91956017)(76116006)(66946007)(66476007)(64756008)(66446008)(66556008)(7696005)(6506007)(9686003)(55236004)(966005)(478600001)(38070700009)(71200400001)(66574015)(83380400001)(26005)(122000001)(86362001)(55016003)(38100700002)(19627405001)(2906002)(5660300002)(41300700001)(8936002)(8676002)(316002)(52536014);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?q?4bPE7o/napNHPsmcAgpBmJP?= =?iso-8859-1?q?CF+nrYz/02qw5z9TQSrIZmdHyzSM85jnItsLjCVNU5PVW0c3fhHoyn2AQhyE?= =?iso-8859-1?q?o1FiRFhKrDVs6FBqIYwjEx2lIKezBDP9ZBOL9WERW7ksAppGdu3E7r5+JfNT?= =?iso-8859-1?q?xGUJmSoiarsnc+k7J5G8yAT92oKno4UTe8lnvU+icmr3rtplfHQOOu8FOfjy?= =?iso-8859-1?q?qDsbz/5uJ/l8DCaeNB9eFFQBkItpq/+ux1VVHeIm2EFY+HFuWRsCFs6nFZar?= =?iso-8859-1?q?PnQNCg53c2HTM8KpcRSQKPPGlzB4g0yCWc0LycDRYUxSZ2spqGszYthabi+n?= =?iso-8859-1?q?/Zz2tfH7PjzlhA6iMBXgozvXKDOHskkyQjoPDJBR/GDTvZENiqsraFOH9kFI?= =?iso-8859-1?q?juMvNlD7xARK+35K7BHUy2K1C6Qjw5EqwabLQxvvPoaxqYlHI38ZOiJin1wT?= =?iso-8859-1?q?vupVNH9aqbscrP7DdIn/8vhTWQkpDlNzBDUCm1Uk7tQe/EtBqrCWHdgd4+ZJ?= =?iso-8859-1?q?Mb2nolMBOcz0Vv3wtCZMekiGzeNF78QnBn165mB8btN4MLkFI/HDbHOFinRv?= =?iso-8859-1?q?Qn3UzBISw86vtZ12sQSTxdMA/1Xm/4BXaJsyrHEQyG/VW7h4aJYS0eRB8OFK?= =?iso-8859-1?q?6oAdwRep8vQJ6VF8jc2ij4zM7xrXIYS4HJq3a71HP19wbMZZbN3r++OCIqta?= =?iso-8859-1?q?QKeuYRwaF75zDi5TVmRX/cBxY0fW1HYxdriyWViFOyLPQ3rvmEydF8DrcFSg?= =?iso-8859-1?q?FmOSNbWpH9wdZe1L1gUNm8NTSuwJbZPEDLpu/PpwUDipuSI22f2yBJNvaBtU?= =?iso-8859-1?q?14xr/M/1rgKdSLzB/Qnf+29Jmn8EVx9LquwdQCRF4mRbFwFg2DgFwDR/J8bJ?= =?iso-8859-1?q?+FiAi2DUZUE94nTRGKmbisWDv1VCXk07oZ8naKh/eaKDRvtgnj9SPiffCbwo?= =?iso-8859-1?q?i25zKdq3XviQ89Ivcb7HvAQO416MhtrW6YniiEkyoMkdOojq5W7gaSPw3sZc?= =?iso-8859-1?q?JjZLf0niE/d8SdwPzGJz1KIWAbQ10O3Hw+uWJNRsnRB7LYS2urDY06MVLioR?= =?iso-8859-1?q?qM3xTzm5rlcBFCzrEtvD7ZMQCrO67g5DM52uzq1R5pPtxP+cf71VKGWVOikw?= =?iso-8859-1?q?F4ai5Sv0NY28ZJFD0qZFx4ARZbicRl2He4iifL7p7kOILhIyGkrksEsD2XlS?= =?iso-8859-1?q?0EnIHxqA9KbdbLkUZQ0KKWN43FgMXuoFBwrxTu+A9AvZPKXRuM+dGZt9T71G?= =?iso-8859-1?q?YGr8cXOw3LAYxKu2NU9NdNeQPooWG+GjsxpG7KoXhnKAdlv6fzqwvSFow8wr?= =?iso-8859-1?q?Ia/0bZ4zcBOiC+iZ78avlRess+5yp4wpSSVW/ZHSXRbRjtOQMJJqPcvbVAsI?= =?iso-8859-1?q?pLeb9+IqIAUroXS0a5QWlUV1yZAVODgj59Pjv1KhJHMNPTvh5aiTH6t8A03f?= =?iso-8859-1?q?IvrIRerCQ8Ryf5VSvYi5U+5sT+HUp5FgJ2ANMooMMIUkFM2oGGN85VnyH9/k?= =?iso-8859-1?q?f7yTKiRR/qOTpgRCfjLlL3FLICCnaS0AQrYI9yWUgWyqxk+YKUnTIE+6DLms?= =?iso-8859-1?q?64fnqYy8KvNYdOXiEJ8iFqidiryXp0aKDXMWAaXRI0cVzkytU2aTVhu/W266?= =?iso-8859-1?q?us5H9mIoNtGusorbCN8FtdCTiAI+Owd2lUEiOsw=3D=3D?= MIME-Version: 1.0 X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5822.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: d1eff985-8f2b-4ef8-7fe5-08dc05f798aa X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Dec 2023 09:46:55.5890 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: nORvXnM2PEwZSnaPSkEJFDG4IpDMmr08U+ARIHmRqqOGudVtWBQcAl0XAhQPNpgxEc3qFVZGGXchXj85mbxSCrKrvEZTgzI7gUyOPiqO8fAPIMe1x8Q7ouc7G+LXXqq3 X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR11MB5982 X-Proofpoint-GUID: yrv5AP5eoj4DtoQxhHvcPsIJUy7udP_t X-Proofpoint-ORIG-GUID: yrv5AP5eoj4DtoQxhHvcPsIJUy7udP_t X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.987,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-11-16_25,2023-11-16_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxlogscore=999 priorityscore=1501 mlxscore=0 bulkscore=0 impostorscore=0 adultscore=0 clxscore=1015 phishscore=0 spamscore=0 suspectscore=0 malwarescore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2311290000 definitions=main-2312260072 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 26 Dec 2023 09:47:11 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/107809 Reminder! Kindly merge this Patch. Regards, Archana From: Archana Polampalli A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs in the main RPC task. References: https://nvd.nist.gov/vuln/detail/CVE-2023-42669 Signed-off-by: Archana Polampalli --- .../samba/samba/CVE-2023-42669.patch | 94 +++++++++++++++++++ .../samba/samba_4.14.14.bb | 1 + 2 files changed, 95 insertions(+) create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2023-42669.patch -- 2.40.0 diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-42669.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-42669.patch new file mode 100644 index 000000000..dfa6aeb02 --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-42669.patch @@ -0,0 +1,94 @@ +From 9989568b20c8f804140c22f51548d766a18ed887 Mon Sep 17 00:00:00 2001 +From: Andrew Bartlett +Date: Tue, 12 Sep 2023 18:59:44 +1200 +Subject: [PATCH] CVE-2023-42669 s4-rpc_server: Disable rpcecho server by + default + +The rpcecho server is useful in development and testing, but should never +have been allowed into production, as it includes the facility to +do a blocking sleep() in the single-threaded rpc worker. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474 + +Signed-off-by: Andrew Bartlett + +CVE: CVE-2023-42669 + +Upstream-Status: Backport [https://github.com/samba-team/samba/commit/9989568b20c8f804140c22f51548d766a18ed887] + +Signed-off-by: Archana Polampalli +--- + docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml | 2 +- + lib/param/loadparm.c | 2 +- + selftest/target/Samba4.pm | 2 +- + source3/param/loadparm.c | 2 +- + source4/rpc_server/wscript_build | 3 ++- + 5 files changed, 6 insertions(+), 5 deletions(-) + +diff --git a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml +index 8a217cc..c6642b7 100644 +--- a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml ++++ b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml +@@ -6,6 +6,6 @@ + Specifies which DCE/RPC endpoint servers should be run. + + +-epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver ++epmapper, wkssvc, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver + rpcecho + +diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c +index eedfa00..75687f5 100644 +--- a/lib/param/loadparm.c ++++ b/lib/param/loadparm.c +@@ -2717,7 +2717,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx) + lpcfg_do_global_parameter(lp_ctx, "ntvfs handler", "unixuid default"); + lpcfg_do_global_parameter(lp_ctx, "max connections", "0"); + +- lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver"); ++ lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver"); + lpcfg_do_global_parameter(lp_ctx, "server services", "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns"); + lpcfg_do_global_parameter(lp_ctx, "kccsrv:samba_kcc", "true"); + /* the winbind method for domain controllers is for both RODC +diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm +index 651faa7..c7b33d2 100755 +--- a/selftest/target/Samba4.pm ++++ b/selftest/target/Samba4.pm +@@ -773,7 +773,7 @@ sub provision_raw_step1($$) + wins support = yes + server role = $ctx->{server_role} + server services = +echo $services +- dcerpc endpoint servers = +winreg +srvsvc ++ dcerpc endpoint servers = +winreg +srvsvc +rpcecho + notify:inotify = false + ldb:nosync = true + ldap server require strong auth = yes +diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c +index 8bcd35f..a99ab35 100644 +--- a/source3/param/loadparm.c ++++ b/source3/param/loadparm.c +@@ -879,7 +879,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals) + + Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL); + +- Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL); ++ Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL); + + Globals.tls_enabled = true; + Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE; +diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build +index 8c75672..a2520da 100644 +--- a/source4/rpc_server/wscript_build ++++ b/source4/rpc_server/wscript_build +@@ -29,7 +29,8 @@ bld.SAMBA_MODULE('dcerpc_rpcecho', + source='echo/rpc_echo.c', + subsystem='dcerpc_server', + init_function='dcerpc_server_rpcecho_init', +- deps='ndr-standard events' ++ deps='ndr-standard events', ++ enabled=bld.CONFIG_GET('ENABLE_SELFTEST') + ) + + +-- +2.40.0 diff --git a/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb b/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb index dcb4d8137..17d12e439 100644 --- a/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb +++ b/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb @@ -51,6 +51,7 @@ SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \ file://CVE-2023-34968_0011.patch \ file://CVE-2023-4091-0001.patch \ file://CVE-2023-4091-0002.patch \ + file://CVE-2023-42669.patch \ " SRC_URI:append:libc-musl = " \