Samba · Samba · CVE-2013-4408
**Name of the Vulnerable Software and Affected Versions**
Samba versions 3.x through 3.6.21
Samba versions 4.0.x through 4.0.12
Samba versions 4.1.x through 4.1.2
**Description**
The issue allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet. This is due to a heap-based buffer overflow in the `dcerpc_read_ncacn_packet_done` function in `librpc/rpc/dcerpc_util.c` in `winbindd`.
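As an added example (not Samba's code or its patch), the following C sketch shows how a receiver can validate the fragment length carried in a DCE-RPC header before that value sizes a buffer or a copy. The field offsets follow the DCE-RPC connection-oriented common header; the names `check_fragment`, `check_sample` and `max_frag`, and the 4096-byte limit, are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* DCE-RPC connection-oriented common header (16 bytes), fields used here:
 * offset 4 = drep[0], offset 8 = frag_length, offset 10 = auth_length. */
#define HDR_LEN      16u
#define DREP_OFF     4
#define FRAG_LEN_OFF 8
#define AUTH_LEN_OFF 10
#define DREP_LE      0x10  /* set in drep[0] when integers are little-endian */

enum frag_status { FRAG_OK, FRAG_INCOMPLETE, FRAG_SHORT_HEADER,
                   FRAG_TOO_SMALL, FRAG_TOO_LARGE, FRAG_BAD_AUTH_LEN };

static uint16_t rd16(const uint8_t *p, int le)
{
    return le ? (uint16_t)(p[0] | (p[1] << 8)) : (uint16_t)((p[0] << 8) | p[1]);
}

/* Validate the peer-controlled length fields before they size any buffer or
 * copy. `have` is the number of bytes received so far; `max_frag` is the
 * receiver's own limit (a hypothetical parameter of this example). */
enum frag_status check_fragment(const uint8_t *buf, size_t have, size_t max_frag)
{
    if (buf == NULL || have < HDR_LEN)
        return FRAG_SHORT_HEADER;
    int le = (buf[DREP_OFF] & DREP_LE) != 0;
    size_t frag_len = rd16(buf + FRAG_LEN_OFF, le);
    size_t auth_len = rd16(buf + AUTH_LEN_OFF, le);
    if (frag_len < HDR_LEN)            /* cannot even hold its own header */
        return FRAG_TOO_SMALL;
    if (frag_len > max_frag)           /* exceeds what the receiver accepts */
        return FRAG_TOO_LARGE;
    if (auth_len > frag_len - HDR_LEN) /* trailer must fit inside the fragment */
        return FRAG_BAD_AUTH_LEN;
    return have < frag_len ? FRAG_INCOMPLETE : FRAG_OK;
}

/* Constructed sample input: a zeroed buffer carrying only the header fields
 * the check reads, in the byte order selected by `le`. */
enum frag_status check_sample(uint16_t frag_len, uint16_t auth_len, size_t have, int le)
{
    uint8_t buf[64] = {0};
    buf[DREP_OFF] = le ? DREP_LE : 0;
    buf[FRAG_LEN_OFF + (le ? 0 : 1)] = (uint8_t)(frag_len & 0xff);
    buf[FRAG_LEN_OFF + (le ? 1 : 0)] = (uint8_t)(frag_len >> 8);
    buf[AUTH_LEN_OFF + (le ? 0 : 1)] = (uint8_t)(auth_len & 0xff);
    buf[AUTH_LEN_OFF + (le ? 1 : 0)] = (uint8_t)(auth_len >> 8);
    return check_fragment(buf, have > sizeof(buf) ? sizeof(buf) : have, 4096);
}
```

`FRAG_INCOMPLETE` is not an error: it tells the caller to keep reading until `frag_length` bytes have arrived, while every other non-OK status means the packet should be rejected.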
**Recommendations**
For Samba versions 3.x through 3.6.21, update to version 3.6.22 or later.
For Samba versions 4.0.x through 4.0.12, update to version 4.0.13 or later.
For Samba versions 4.1.x through 4.1.2, update to version 4.1.3 or later.