Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2013-4408

Published: 9 December 2013

Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet.

Priority

Medium

Status

Package Release Status
samba
Launchpad, Ubuntu, Debian 		lucid
Released (2:3.4.7~dfsg-1ubuntu3.13)
precise
Released (2:3.6.3-2ubuntu2.9)
quantal
Released (2:3.6.6-3ubuntu5.3)
raring
Released (2:3.6.9-1ubuntu1.2)
saucy
Released (2:3.6.18-1ubuntu3.1)
trusty
Released (2:4.0.13+dfsg-1ubuntu1)
upstream
Released (3.6.22)
utopic
Released (2:4.0.13+dfsg-1ubuntu1)
vivid
Released (2:4.0.13+dfsg-1ubuntu1)
wily
Released (2:4.0.13+dfsg-1ubuntu1)
xenial
Released (2:4.0.13+dfsg-1ubuntu1)
yakkety
Released (2:4.0.13+dfsg-1ubuntu1)
zesty
Released (2:4.0.13+dfsg-1ubuntu1)
Patches:
upstream: http://git.samba.org/?p=samba.git;a=commit;h=d485eff4c13ce3c0ab689cde56fe74ad3a0343f5
upstream: http://git.samba.org/?p=samba.git;a=commit;h=b13b1426f6c309b6ff3b2b5f9e335a62fd256969
upstream: http://git.samba.org/?p=samba.git;a=commit;h=4487b19619fa0fbfc64c33cd073e67ceae8563c3
upstream: http://git.samba.org/?p=samba.git;a=commit;h=288337429fe8f3a830e592a53b8b12e1a060d299
upstream: http://git.samba.org/?p=samba.git;a=commit;h=17667fcf49609a67ce72b6be6f922003db9befdc
upstream: http://git.samba.org/?p=samba.git;a=commit;h=c9d780c7d95dd8a5aaf0a87f48baed3bff046d59
upstream: http://git.samba.org/?p=samba.git;a=commit;h=fc294c4842cfaea19ddcec2a5be37322ab8b5b45
upstream: http://git.samba.org/?p=samba.git;a=commit;h=ba9728b86c52ad2da4d80d80edb17c07bd09be2c
upstream: http://git.samba.org/?p=samba.git;a=commit;h=27a751632eb3bfc3f5610314b8254d16d027c0b0
upstream: http://git.samba.org/?p=samba.git;a=commit;h=9242121dcae43a736a9de5cf73c48a6dc95516f8
upstream: http://git.samba.org/?p=samba.git;a=commit;h=f6d2b22ec51e025a309548224e8354bce52ea648
upstream: http://git.samba.org/?p=samba.git;a=commit;h=6434d492578b37c7c97bd3f55d4fc14958bbd080
upstream: http://git.samba.org/?p=samba.git;a=commit;h=4c2aa03e447b0ac7a74aecdee37205740e43bea5
upstream: http://git.samba.org/?p=samba.git;a=commit;h=b915d0bd6d88f8fe725716b7654acfcb8303a2d4
upstream: http://git.samba.org/?p=samba.git;a=commit;h=50e3da9992e4a43b888caa3aeadfbf5293e8281a
samba4
Launchpad, Ubuntu, Debian 		lucid Ignored
(end of life)
precise Ignored
(end of life)
quantal Ignored
(end of life)
raring Ignored
(end of life)
saucy Ignored
(end of life)
trusty Does not exist

upstream
Released (4.0.13,4.1.3)
utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading