← Voltar para CVEs
CVE-2013-4476
N/ADescricao
Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado11/13/2013
Ultima modificacao4/29/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
samba:samba
Fraquezas (CWE)
CWE-310
Referencias
http://lists.opensuse.org/opensuse-updates/2013-11/msg00083.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-updates/2013-12/msg00088.html(secalert@redhat.com)
http://security.gentoo.org/glsa/glsa-201502-15.xml(secalert@redhat.com)
http://www.samba.org/samba/history/samba-4.0.11.html(secalert@redhat.com)
http://www.samba.org/samba/history/samba-4.1.1.html(secalert@redhat.com)
http://www.samba.org/samba/security/CVE-2013-4476(secalert@redhat.com)
http://lists.opensuse.org/opensuse-updates/2013-11/msg00083.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2013-12/msg00088.html(af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-201502-15.xml(af854a3a-2127-422b-91ae-364da2661108)
http://www.samba.org/samba/history/samba-4.0.11.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.samba.org/samba/history/samba-4.1.1.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.samba.org/samba/security/CVE-2013-4476(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.