Guest

Preview Tool

Cisco Bug: CSCul90225 - SA520 - Samba Root Level Compromise CVE-2013-4408

Last Modified

Dec 29, 2019

Products (4)

  • Cisco Small Business SA500 Series Security Appliances
  • Cisco SA520 Security Appliance
  • Cisco SA540 Security Appliance
  • Cisco SA520W Security Appliance

Known Affected Releases

1.1.21 1.1.42 1.1.65 2.1.18 2.1.19 2.1.51

Description (partial)

Symptom:
This bug is to investigate the impact of a heap-based buffer overflow in the Samba code. Specifically, a heap-based buffer overflow in the
dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before
4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet.

Conditions:
None
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.