Heap-based buffer overflow in the dcerpcreadncacnpacketdone function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "samba": "2:4.0.13+dfsg-1ubuntu1", "libwbclient-dev": "2:4.0.13+dfsg-1ubuntu1", "python-samba": "2:4.0.13+dfsg-1ubuntu1", "registry-tools": "2:4.0.13+dfsg-1ubuntu1", "samba-common-bin": "2:4.0.13+dfsg-1ubuntu1", "samba-dsdb-modules": "2:4.0.13+dfsg-1ubuntu1", "samba-libs": "2:4.0.13+dfsg-1ubuntu1", "libsmbclient-dev": "2:4.0.13+dfsg-1ubuntu1", "samba-doc": "2:4.0.13+dfsg-1ubuntu1", "winbind": "2:4.0.13+dfsg-1ubuntu1", "libsmbsharemodes0": "2:4.0.13+dfsg-1ubuntu1", "libnss-winbind": "2:4.0.13+dfsg-1ubuntu1", "samba-dbg": "2:4.0.13+dfsg-1ubuntu1", "samba-common": "2:4.0.13+dfsg-1ubuntu1", "libpam-winbind": "2:4.0.13+dfsg-1ubuntu1", "smbclient": "2:4.0.13+dfsg-1ubuntu1", "samba-testsuite": "2:4.0.13+dfsg-1ubuntu1", "samba-dev": "2:4.0.13+dfsg-1ubuntu1", "libparse-pidl-perl": "2:4.0.13+dfsg-1ubuntu1", "libsmbclient": "2:4.0.13+dfsg-1ubuntu1", "libwbclient0": "2:4.0.13+dfsg-1ubuntu1", "libpam-smbpass": "2:4.0.13+dfsg-1ubuntu1", "libsmbsharemodes-dev": "2:4.0.13+dfsg-1ubuntu1" } ] }