VIR Vulnerability Intelligence Relay

CVE-2013-4408

high
Published 2013-12-10 · Modified 2026-04-29
CVSS v3
CVSS v2
8.3
VIR risk
8.3

Description

Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2013-4408

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://www.samba.org/samba/security/CVE-2013-4408

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2013-4408.html

OS impact
OSVersionStatusFixed in
suse slesaffected
debian debianbookwormfixed2:4.0.13+dfsg-1
debian debianbullseyefixed2:4.0.13+dfsg-1
debian debianforkyfixed2:4.0.13+dfsg-1
debian debiansidfixed2:4.0.13+dfsg-1
debian debiantrixiefixed2:4.0.13+dfsg-1

Application impact
VendorProductVersionsFixed
sambasamba4.1.0
sambasamba4.1.1
sambasamba4.1.2
sambasamba4.0.0
sambasamba4.0.1
sambasamba4.0.2
sambasamba4.0.3
sambasamba4.0.4
sambasamba4.0.5
sambasamba4.0.6
sambasamba4.0.7
sambasamba4.0.8
sambasamba4.0.9
sambasamba4.0.10
sambasamba4.0.11
sambasamba4.0.12
sambasamba3.0.0
sambasamba3.0.1
sambasamba3.0.2
sambasamba3.0.2a
sambasamba3.0.3
sambasamba3.0.4
sambasamba3.0.5
sambasamba3.0.6
sambasamba3.0.7
sambasamba3.0.8
sambasamba3.0.9
sambasamba3.0.10
sambasamba3.0.11
sambasamba3.0.12
sambasamba3.0.13
sambasamba3.0.14
sambasamba3.0.14a
sambasamba3.0.15
sambasamba3.0.16
sambasamba3.0.17
sambasamba3.0.18
sambasamba3.0.19
sambasamba3.0.20
sambasamba3.0.20a
sambasamba3.0.20b
sambasamba3.0.21
sambasamba3.0.21a
sambasamba3.0.21b
sambasamba3.0.21c
sambasamba3.0.22
sambasamba3.0.23
sambasamba3.0.23a
sambasamba3.0.23b
sambasamba3.0.23c
sambasamba3.0.23d
sambasamba3.0.24
sambasamba3.0.25
sambasamba3.0.25a
sambasamba3.0.25b
sambasamba3.0.25c
sambasamba3.0.26
sambasamba3.0.26a
sambasamba3.0.27
sambasamba3.0.28
sambasamba3.0.29
sambasamba3.0.30
sambasamba3.0.31
sambasamba3.0.32
sambasamba3.0.33
sambasamba3.0.34
sambasamba3.0.35
sambasamba3.0.36
sambasamba3.0.37
sambasamba3.1.0
sambasamba3.2.0
sambasamba3.2.1
sambasamba3.2.2
sambasamba3.2.3
sambasamba3.2.4
sambasamba3.2.5
sambasamba3.2.6
sambasamba3.2.7
sambasamba3.2.8
sambasamba3.2.9
sambasamba3.2.10
sambasamba3.2.11
sambasamba3.2.12
sambasamba3.2.13
sambasamba3.2.14
sambasamba3.2.15
sambasamba3.3.0
sambasamba3.3.1
sambasamba3.3.2
sambasamba3.3.3
sambasamba3.3.4
sambasamba3.3.5
sambasamba3.3.6
sambasamba3.3.7
sambasamba3.3.8
sambasamba3.3.9
sambasamba3.3.10
sambasamba3.3.11
sambasamba3.3.12
sambasamba3.3.13
sambasamba3.3.14
sambasamba3.3.15
sambasamba3.3.16
sambasamba3.4.0
sambasamba3.4.1
sambasamba3.4.2
sambasamba3.4.3
sambasamba3.4.4
sambasamba3.4.5
sambasamba3.4.6
sambasamba3.4.7
sambasamba3.4.8
sambasamba3.4.9
sambasamba3.4.10
sambasamba3.4.11
sambasamba3.4.12
sambasamba3.4.13
sambasamba3.4.14
sambasamba3.4.15
sambasamba3.4.16
sambasamba3.4.17
sambasamba3.5.0
sambasamba3.5.1
sambasamba3.5.2
sambasamba3.5.3
sambasamba3.5.4
sambasamba3.5.5
sambasamba3.5.6
sambasamba3.5.7
sambasamba3.5.8
sambasamba3.5.9
sambasamba3.5.10
sambasamba3.5.11
sambasamba3.5.12
sambasamba3.5.13
sambasamba3.5.14
sambasamba3.5.15
sambasamba3.5.16
sambasamba3.5.17
sambasamba3.5.18
sambasamba3.5.19
sambasamba3.5.20
sambasamba3.5.21
sambasamba3.6.0
sambasamba3.6.1
sambasamba3.6.2
sambasamba3.6.3
sambasamba3.6.4
sambasamba3.6.5
sambasamba3.6.6
sambasamba3.6.7
sambasamba3.6.8
sambasamba3.6.9
sambasamba3.6.10
sambasamba3.6.11
sambasamba3.6.12
sambasamba3.6.13
sambasamba3.6.14
sambasamba3.6.15
sambasamba3.6.16
sambasamba3.6.17
sambasamba3.6.18
sambasamba3.6.19
sambasamba3.6.20
sambasamba3.6.21

References

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.