CVE-2013-4408

Published: 10/12/2013 Updated: 13/02/2023
CVSS v2 Base Score: 8.3 | Impact Score: 10 | Exploitability Score: 6.5
VMScore: 739
Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x prior to 3.6.22, 4.0.x prior to 4.0.13, and 4.1.x prior to 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet.

Vulnerable Product

samba samba 4.1.0

samba samba 4.1.2

samba samba 4.1.1

samba samba 4.0.2

samba samba 4.0.11

samba samba 4.0.3

samba samba 4.0.6

samba samba 4.0.10

samba samba 4.0.7

samba samba 4.0.1

samba samba 4.0.8

samba samba 4.0.0

samba samba 4.0.5

samba samba 4.0.12

samba samba 4.0.4

samba samba 4.0.9

samba samba 3.0.19

samba samba 3.0.23

samba samba 3.0.14a

samba samba 3.0.27

samba samba 3.0.31

samba samba 3.0.3

samba samba 3.0.8

samba samba 3.2.15

samba samba 3.6.17

samba samba 3.3.3

samba samba 3.5.1

samba samba 3.0.29

samba samba 3.0.25

samba samba 3.0.25b

samba samba 3.2.5

samba samba 3.4.2

samba samba 3.5.9

samba samba 3.2.3

samba samba 3.6.10

samba samba 3.5.7

samba samba 3.3.15

samba samba 3.4.11

samba samba 3.0.2a

samba samba 3.0.36

samba samba 3.4.0

samba samba 3.0.28

samba samba 3.2.4

samba samba 3.4.7

samba samba 3.0.5

samba samba 3.0.26

samba samba 3.3.9

samba samba 3.4.8

samba samba 3.5.11

samba samba 3.0.21

samba samba 3.4.5

samba samba 3.0.32

samba samba 3.0.26a

samba samba 3.2.13

samba samba 3.0.6

samba samba 3.4.6

samba samba 3.0.21a

samba samba 3.0.34

samba samba 3.6.4

samba samba 3.2.1

samba samba 3.0.4

samba samba 3.5.6

samba samba 3.6.9

samba samba 3.3.4

samba samba 3.6.11

samba samba 3.0.33

samba samba 3.6.19

samba samba 3.6.16

samba samba 3.0.20a

samba samba 3.4.16

samba samba 3.3.12

samba samba 3.0.21b

samba samba 3.0.20

samba samba 3.3.7

samba samba 3.5.19

samba samba 3.4.1

samba samba 3.0.0

samba samba 3.5.8

samba samba 3.0.9

samba samba 3.6.1

samba samba 3.6.2

samba samba 3.2.9

samba samba 3.5.17

samba samba 3.5.2

samba samba 3.0.11

samba samba 3.6.12

samba samba 3.6.3

samba samba 3.0.7

samba samba 3.0.13

samba samba 3.6.8

samba samba 3.4.17

samba samba 3.3.1

samba samba 3.2.2

samba samba 3.2.7

samba samba 3.0.14

samba samba 3.0.20b

samba samba 3.0.16

samba samba 3.5.14

samba samba 3.4.12

samba samba 3.2.10

samba samba 3.0.17

samba samba 3.5.21

samba samba 3.6.7

samba samba 3.4.13

samba samba 3.0.30

samba samba 3.0.21c

samba samba 3.3.11

samba samba 3.6.13

samba samba 3.5.10

samba samba 3.3.0

samba samba 3.4.10

samba samba 3.0.23b

samba samba 3.3.6

samba samba 3.5.5

samba samba 3.3.14

samba samba 3.5.0

samba samba 3.6.6

samba samba 3.5.12

samba samba 3.0.2

samba samba 3.0.12

samba samba 3.2.12

samba samba 3.0.37

samba samba 3.2.8

samba samba 3.6.15

samba samba 3.0.35

samba samba 3.0.18

samba samba 3.6.5

samba samba 3.0.25a

samba samba 3.0.25c

samba samba 3.3.2

samba samba 3.0.24

samba samba 3.5.4

samba samba 3.0.10

samba samba 3.2.11

samba samba 3.4.4

samba samba 3.1.0

samba samba 3.5.18

samba samba 3.4.3

samba samba 3.5.20

samba samba 3.6.20

samba samba 3.3.8

samba samba 3.3.13

samba samba 3.6.18

samba samba 3.6.21

samba samba 3.2.14

samba samba 3.5.15

samba samba 3.5.13

samba samba 3.0.23d

samba samba 3.4.14

samba samba 3.4.9

samba samba 3.2.0

samba samba 3.3.5

samba samba 3.0.23c

samba samba 3.0.15

samba samba 3.2.6

samba samba 3.0.23a

samba samba 3.4.15

samba samba 3.6.14

samba samba 3.5.16

samba samba 3.3.10

samba samba 3.6.0

samba samba 3.0.1

samba samba 3.3.16

samba samba 3.0.22

samba samba 3.5.3

Vendor Advisories

Several security issues were fixed in Samba ...
Synopsis: Important: samba4 security update. Type/Severity: Security Advisory: Important. Topic: Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability ...
Synopsis: Important: samba and samba3x security update. Type/Severity: Security Advisory: Important. Topic: Updated samba3x and samba packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having importan ...
Synopsis: Important: samba security update. Type/Severity: Security Advisory: Important. Topic: Updated samba packages that fix two security issues are now available for Red Hat Storage. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System ...
Two security issues were found in Samba, a SMB/CIFS file, print, and login server. CVE-2013-4408: It was discovered that multiple buffer overflows in the processing of DCE-RPC packets may lead to the execution of arbitrary code. CVE-2013-4475: Hemanth Thummala discovered that ACLs were not checked when opening files with alternate da ...
Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet ...