{ "id": "CVE-2013-4476", "sourceIdentifier": "secalert@redhat.com", "published": "2013-11-13T15:55:03.517", "lastModified": "2024-11-21T01:55:38.760", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller." }, { "lang": "es", "value": "Samba 4.0.x anteriores a 4.0.11 y 4.1.x anteriores a 4.1.1, cuando LDAP o HTTP se proporcionan sobre SSL, utilizan permisos de lectura globales para una clave privada, lo cual permite a ususarios locales obtener informaci\u00f3n sensible mediante la lectura del fichero de la clave, como demostrado al acceder al sistema de ficheros local en un controlador de dominio AD." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N", "baseScore": 1.2, "accessVector": "LOCAL", "accessComplexity": "HIGH", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE" }, "baseSeverity": "LOW", "exploitabilityScore": 1.9, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-310" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:samba:samba:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0DEEFFF7-DF7C-4641-81A9-1CD64DC29DEC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:samba:samba:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2855B3F6-49B6-4D25-BEAC-4D1797D1E100" }, { "vulnerable": true, "criteria": "cpe:2.3:a:samba:samba:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6C1F1993-70A2-4104-85AF-3BECB330AB24" }, { "vulnerable": true, "criteria": "cpe:2.3:a:samba:samba:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E955458C-8F5C-4D55-9F78-9E1CB4416F10" }, { "vulnerable": true, "criteria": "cpe:2.3:a:samba:samba:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "866FF7AC-19EA-49E7-B423-9FF57839B580" }, { "vulnerable": true, "criteria": "cpe:2.3:a:samba:samba:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "2A1A64C7-B039-4724-B06C-EAC898EB3B73" }, { "vulnerable": true, "criteria": "cpe:2.3:a:samba:samba:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "C572E25A-4B44-426D-B637-292A08766D7F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:samba:samba:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "6D96D806-ED52-4010-9F5F-F84E33C245D2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:samba:samba:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "643FC7D2-FC39-43FA-99E6-805553FE1DCB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:samba:samba:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E2B95519-0C9D-473C-912D-E350106DC4CD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:samba:samba:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "DC603E1A-7882-45F0-9E8D-157F191C0FD3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:samba:samba:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6CB9C10B-284E-48CD-A524-1A6BF828AED9" } ] } ] } ], "references": [ { "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00083.html", "source": "secalert@redhat.com" }, { "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00088.html", "source": "secalert@redhat.com" }, { "url": "http://security.gentoo.org/glsa/glsa-201502-15.xml", "source": "secalert@redhat.com" }, { "url": "http://www.samba.org/samba/history/samba-4.0.11.html", "source": "secalert@redhat.com" }, { "url": "http://www.samba.org/samba/history/samba-4.1.1.html", "source": "secalert@redhat.com" }, { "url": "http://www.samba.org/samba/security/CVE-2013-4476", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00083.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00088.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://security.gentoo.org/glsa/glsa-201502-15.xml", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.samba.org/samba/history/samba-4.0.11.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.samba.org/samba/history/samba-4.1.1.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.samba.org/samba/security/CVE-2013-4476", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] } ] }