CVE-2013-4476
Published: Nov 13, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
http://www.samba.org/samba/history/samba-4.1.1.html (x_refsource_CONFIRM)
http://www.samba.org/samba/history/samba-4.0.11.html (x_refsource_CONFIRM)
GLSA-201502-15 (vendor-advisory, x_refsource_GENTOO)
openSUSE-SU-2013:1742 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2013:1921 (vendor-advisory, x_refsource_SUSE)
http://www.samba.org/samba/security/CVE-2013-4476 (x_refsource_CONFIRM)