Lucene search
K

6 matches found

Veracode
Veracode
added 2019/01/15 8:53 a.m.29 views

Remote Code Execution (RCE)

samba4 is vulnerable to remote code execution RCE attacks. The vulnerability exists through a heap-based buffer overflow in the dcerpcreadncacnpacketdone function in librpc/rpc/dcerpcutil.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain...

8.3CVSS8.3AI score0.0379EPSS
Exploits1References25Affected Software2
Tenable Nessus
Tenable Nessus
added 2013/12/12 12:0 a.m.35 views

Samba 3.x < 3.6.22 / 4.0.x < 4.0.13 / 4.1.x < 4.1.3 Multiple Vulnerabilities

According to its banner, the version of Samba running on the remote host is 3.3.x equal or later than 3.3.10, 3.4.x, 3.5.x, 3.6.x prior to 3.6.22, 4.0.x prior to 4.0.13 or 4.1.x prior to 4.1.3. It is, therefore, potentially affected by multiple vulnerabilities : - A security bypass vulnerability...

8.3CVSS8.2AI score0.0379EPSS
Exploits1References6
NVD
NVD
added 2013/12/10 6:14 a.m.25 views

CVE-2013-4408

Heap-based buffer overflow in the dcerpcreadncacnpacketdone function in librpc/rpc/dcerpcutil.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet...

8.3CVSS8AI score0.02748EPSS
Exploits0References18
Cvelist
Cvelist
added 2013/12/10 2:0 a.m.25 views

CVE-2013-4408

Heap-based buffer overflow in the dcerpcreadncacnpacketdone function in librpc/rpc/dcerpcutil.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet...

7.9AI score0.02748EPSS
Exploits0References18
Debian CVE
Debian CVE
added 2013/12/10 2:0 a.m.28 views

CVE-2013-4408

Heap-based buffer overflow in the dcerpcreadncacnpacketdone function in librpc/rpc/dcerpcutil.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet...

8.3CVSS7.7AI score0.02748EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2013/12/09 12:0 a.m.28 views

CVE-2013-4408

Heap-based buffer overflow in the dcerpcreadncacnpacketdone function in librpc/rpc/dcerpcutil.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet...

8.3CVSS7.6AI score0.02748EPSS
Exploits0References3
Rows per page
Query Builder