Lucene search
RedhatCVE-2013-4408HistoryDec 10, 2013 - 6:14 a.m.
CVE-2013-4408
2013-12-1006:14:55
CWE-119
redhat
web.nvd.nist.gov
89
cve-2013-4408
buffer overflow
samba
remote code execution
security vulnerability
nvd
ad domain controller
CVSS2
8.3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:C/I:C/A:C
AI Score
8.4
Confidence
High
EPSS
0.007
Percentile
80.8%
Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet.
Affected configurations
Node
sambasambaMatch4.1.0
ORsambasambaMatch4.1.1
ORsambasambaMatch4.1.2
Node
sambasambaMatch4.0.0
ORsambasambaMatch4.0.1
ORsambasambaMatch4.0.2
ORsambasambaMatch4.0.3
ORsambasambaMatch4.0.4
ORsambasambaMatch4.0.5
ORsambasambaMatch4.0.6
ORsambasambaMatch4.0.7
ORsambasambaMatch4.0.8
ORsambasambaMatch4.0.9
ORsambasambaMatch4.0.10
ORsambasambaMatch4.0.11
ORsambasambaMatch4.0.12
Node
sambasambaMatch3.0.0
ORsambasambaMatch3.0.1
ORsambasambaMatch3.0.2
ORsambasambaMatch3.0.2a
ORsambasambaMatch3.0.2a
ORsambasambaMatch3.0.3
ORsambasambaMatch3.0.4
ORsambasambaMatch3.0.4rc1
ORsambasambaMatch3.0.5
ORsambasambaMatch3.0.6
ORsambasambaMatch3.0.7
ORsambasambaMatch3.0.8
ORsambasambaMatch3.0.9
ORsambasambaMatch3.0.10
ORsambasambaMatch3.0.11
ORsambasambaMatch3.0.12
ORsambasambaMatch3.0.13
ORsambasambaMatch3.0.14
ORsambasambaMatch3.0.14a
ORsambasambaMatch3.0.14a
ORsambasambaMatch3.0.15
ORsambasambaMatch3.0.16
ORsambasambaMatch3.0.17
ORsambasambaMatch3.0.18
ORsambasambaMatch3.0.19
ORsambasambaMatch3.0.20
ORsambasambaMatch3.0.20a
ORsambasambaMatch3.0.20b
ORsambasambaMatch3.0.20a
ORsambasambaMatch3.0.20b
ORsambasambaMatch3.0.21
ORsambasambaMatch3.0.21a
ORsambasambaMatch3.0.21b
ORsambasambaMatch3.0.21c
ORsambasambaMatch3.0.21a
ORsambasambaMatch3.0.21b
ORsambasambaMatch3.0.21c
ORsambasambaMatch3.0.22
ORsambasambaMatch3.0.23
ORsambasambaMatch3.0.23a
ORsambasambaMatch3.0.23b
ORsambasambaMatch3.0.23c
ORsambasambaMatch3.0.23d
ORsambasambaMatch3.0.23a
ORsambasambaMatch3.0.23b
ORsambasambaMatch3.0.23c
ORsambasambaMatch3.0.23d
ORsambasambaMatch3.0.24
ORsambasambaMatch3.0.25
ORsambasambaMatch3.0.25a
ORsambasambaMatch3.0.25b
ORsambasambaMatch3.0.25c
ORsambasambaMatch3.0.25pre1
ORsambasambaMatch3.0.25pre2
ORsambasambaMatch3.0.25rc1
ORsambasambaMatch3.0.25rc2
ORsambasambaMatch3.0.25rc3
ORsambasambaMatch3.0.25a
ORsambasambaMatch3.0.25b
ORsambasambaMatch3.0.25c
ORsambasambaMatch3.0.26
ORsambasambaMatch3.0.26a
ORsambasambaMatch3.0.26a
ORsambasambaMatch3.0.27
ORsambasambaMatch3.0.27a
ORsambasambaMatch3.0.28
ORsambasambaMatch3.0.28a
ORsambasambaMatch3.0.29
ORsambasambaMatch3.0.30
ORsambasambaMatch3.0.31
ORsambasambaMatch3.0.32
ORsambasambaMatch3.0.33
ORsambasambaMatch3.0.34
ORsambasambaMatch3.0.35
ORsambasambaMatch3.0.36
ORsambasambaMatch3.0.37
ORsambasambaMatch3.1.0
ORsambasambaMatch3.2.0
ORsambasambaMatch3.2.1
ORsambasambaMatch3.2.2
ORsambasambaMatch3.2.3
ORsambasambaMatch3.2.4
ORsambasambaMatch3.2.5
ORsambasambaMatch3.2.6
ORsambasambaMatch3.2.7
ORsambasambaMatch3.2.8
ORsambasambaMatch3.2.9
ORsambasambaMatch3.2.10
ORsambasambaMatch3.2.11
ORsambasambaMatch3.2.12
ORsambasambaMatch3.2.13
ORsambasambaMatch3.2.14
ORsambasambaMatch3.2.15
ORsambasambaMatch3.3.0
ORsambasambaMatch3.3.1
ORsambasambaMatch3.3.2
ORsambasambaMatch3.3.3
ORsambasambaMatch3.3.4
ORsambasambaMatch3.3.5
ORsambasambaMatch3.3.6
ORsambasambaMatch3.3.7
ORsambasambaMatch3.3.8
ORsambasambaMatch3.3.9
ORsambasambaMatch3.3.10
ORsambasambaMatch3.3.11
ORsambasambaMatch3.3.12
ORsambasambaMatch3.3.13
ORsambasambaMatch3.3.14
ORsambasambaMatch3.3.15
ORsambasambaMatch3.3.16
ORsambasambaMatch3.4.0
ORsambasambaMatch3.4.1
ORsambasambaMatch3.4.2
ORsambasambaMatch3.4.3
ORsambasambaMatch3.4.4
ORsambasambaMatch3.4.5
ORsambasambaMatch3.4.6
ORsambasambaMatch3.4.7
ORsambasambaMatch3.4.8
ORsambasambaMatch3.4.9
ORsambasambaMatch3.4.10
ORsambasambaMatch3.4.11
ORsambasambaMatch3.4.12
ORsambasambaMatch3.4.13
ORsambasambaMatch3.4.14
ORsambasambaMatch3.4.15
ORsambasambaMatch3.4.16
ORsambasambaMatch3.4.17
ORsambasambaMatch3.5.0
ORsambasambaMatch3.5.1
ORsambasambaMatch3.5.2
ORsambasambaMatch3.5.3
ORsambasambaMatch3.5.4
ORsambasambaMatch3.5.5
ORsambasambaMatch3.5.6
ORsambasambaMatch3.5.7
ORsambasambaMatch3.5.8
ORsambasambaMatch3.5.9
ORsambasambaMatch3.5.10
ORsambasambaMatch3.5.11
ORsambasambaMatch3.5.12
ORsambasambaMatch3.5.13
ORsambasambaMatch3.5.14
ORsambasambaMatch3.5.15
ORsambasambaMatch3.5.16
ORsambasambaMatch3.5.17
ORsambasambaMatch3.5.18
ORsambasambaMatch3.5.19
ORsambasambaMatch3.5.20
ORsambasambaMatch3.5.21
ORsambasambaMatch3.6.0
ORsambasambaMatch3.6.1
ORsambasambaMatch3.6.2
ORsambasambaMatch3.6.3
ORsambasambaMatch3.6.4
ORsambasambaMatch3.6.5
ORsambasambaMatch3.6.6
ORsambasambaMatch3.6.7
ORsambasambaMatch3.6.8
ORsambasambaMatch3.6.9
ORsambasambaMatch3.6.10
ORsambasambaMatch3.6.11
ORsambasambaMatch3.6.12
ORsambasambaMatch3.6.13
ORsambasambaMatch3.6.14
ORsambasambaMatch3.6.15
ORsambasambaMatch3.6.16
ORsambasambaMatch3.6.17
ORsambasambaMatch3.6.18
ORsambasambaMatch3.6.19
ORsambasambaMatch3.6.20
ORsambasambaMatch3.6.21
| Vendor | Product | Version | CPE |
|---|---|---|---|
| samba | samba | 4.1.0 | cpe:2.3:a:samba:samba:4.1.0:*:*:*:*:*:*:* |
| samba | samba | 4.1.1 | cpe:2.3:a:samba:samba:4.1.1:*:*:*:*:*:*:* |
| samba | samba | 4.1.2 | cpe:2.3:a:samba:samba:4.1.2:*:*:*:*:*:*:* |
| samba | samba | 4.0.0 | cpe:2.3:a:samba:samba:4.0.0:*:*:*:*:*:*:* |
| samba | samba | 4.0.1 | cpe:2.3:a:samba:samba:4.0.1:*:*:*:*:*:*:* |
| samba | samba | 4.0.2 | cpe:2.3:a:samba:samba:4.0.2:*:*:*:*:*:*:* |
| samba | samba | 4.0.3 | cpe:2.3:a:samba:samba:4.0.3:*:*:*:*:*:*:* |
| samba | samba | 4.0.4 | cpe:2.3:a:samba:samba:4.0.4:*:*:*:*:*:*:* |
| samba | samba | 4.0.5 | cpe:2.3:a:samba:samba:4.0.5:*:*:*:*:*:*:* |
| samba | samba | 4.0.6 | cpe:2.3:a:samba:samba:4.0.6:*:*:*:*:*:*:* |
References
lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html
lists.opensuse.org/opensuse-security-announce/2014-01/msg00002.html
lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
lists.opensuse.org/opensuse-updates/2013-12/msg00088.html
lists.opensuse.org/opensuse-updates/2014-03/msg00063.html
marc.info/?l=bugtraq&m=141660010015249&w=2
rhn.redhat.com/errata/RHSA-2013-1805.html
rhn.redhat.com/errata/RHSA-2013-1806.html
rhn.redhat.com/errata/RHSA-2014-0009.html
security.gentoo.org/glsa/glsa-201502-15.xml
www.debian.org/security/2013/dsa-2812
www.mandriva.com/security/advisories?name=MDVSA-2013:299
www.samba.org/samba/ftp/patches/security/samba-4.1.2-CVE-2013-4408-CVE-2012-6150.patch
www.samba.org/samba/security/CVE-2013-4408
www.securityfocus.com/bid/64191
www.ubuntu.com/usn/USN-2054-1
Related
nessus
nessus
CentOS 6 : samba4 (CESA-2013:1805)
2013-12-10 00:00:00
Oracle Linux 6 : samba4 (ELSA-2013-1805)
2013-12-10 00:00:00
RHEL 6 : samba4 (RHSA-2013:1805)
2013-12-10 00:00:00
centos
centos
samba4 security update
2013-12-10 01:02:20
libsmbclient, samba, samba3x security update
2013-12-10 01:03:24
samba
samba
DCE-RPC fragment length field is incorrectly checked.
2013-12-09 00:00:00
openvas
openvas
CentOS Update for samba4 CESA-2013:1805 centos6
2013-12-17 00:00:00
Samba >= 3.4.0 DoS Vulnerability (CVE-2013-4408)
2021-09-24 00:00:00
Oracle: Security Advisory (ELSA-2013-1805)
2015-10-06 00:00:00
debiancve
debiancve
CVE-2013-4408
2013-12-10 06:14:55
oraclelinux
oraclelinux
samba4 security update
2013-12-09 00:00:00
samba and samba3x security update
2013-12-09 00:00:00
samba security and bug fix update
2018-06-25 00:00:00
cvelist
cvelist
CVE-2013-4408
2013-12-10 02:00:00
redhat
redhat
(RHSA-2013:1805) Important: samba4 security update
2013-12-09 00:00:00
(RHSA-2013:1806) Important: samba and samba3x security update
2013-12-09 00:00:00
(RHSA-2014:0009) Important: samba security update
2014-01-06 00:00:00
nvd
nvd
CVE-2013-4408
2013-12-10 06:14:55
slackware
slackware
samba
2014-01-13 22:30:45
ubuntucve
ubuntucve
CVE-2013-4408
2013-12-09 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 08:53:06
Privilege Escalation
2019-05-02 05:00:33
prion
prion
Heap overflow
2013-12-10 06:14:00
securityvulns
securityvulns
Samba buffer overflow
2014-01-08 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: samba-4.1.3-2.fc20
2013-12-24 03:39:37
[SECURITY] Fedora 20 Update: samba-4.1.6-1.fc20
2014-03-15 15:15:35
[SECURITY] Fedora 19 Update: samba-4.0.13-1.fc19
2013-12-15 03:35:27
altlinux
altlinux
Security fix for the ALT Linux 8 package samba-DC version 4.1.3-alt1
2013-12-09 00:00:00
Security fix for the ALT Linux 8 package samba version 4.1.3-alt1
2013-12-09 00:00:00
Security fix for the ALT Linux 10 package samba version 4.1.3-alt1
2013-12-09 00:00:00
ibm
ibm
debian
debian
[SECURITY] [DSA 2812-1] samba security update
2013-12-09 10:13:23
mageia
mageia
Updated samba package fixes multiple vulnerabilities
2013-12-13 02:22:59
osv
osv
samba - several
2013-12-09 00:00:00
ctdb-4.5.0-1.1 on GA media
2024-06-15 00:00:00
freebsd
freebsd
samba -- multiple vulnerabilities
2012-06-12 00:00:00
ubuntu
ubuntu
Samba vulnerabilities
2013-12-11 00:00:00
suse
suse
Security update for Samba (important)
2014-01-07 00:04:36
Security update for samba (important)
2016-04-20 12:11:11
Security update for samba (important)
2016-04-20 12:07:48
gentoo
gentoo
Samba: Multiple vulnerabilities
2015-02-25 00:00:00
CVSS2
8.3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:C/I:C/A:C
AI Score
8.4
Confidence
High
EPSS
0.007
Percentile
80.8%
Related for CVE-2013-4408