CVE-2013-4476 — Samba vulnerability

CWE-3106 documents6 sources

Severity

1.2LOWNVD

EPSS

0.2%

top 54.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba

Timeline

PublishedNov 13

Latest updateMay 17

Description

Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller.

CVSS vector

AV:L/AC:H/C:P/I:N/A:NExploitability: 1.9 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/samba< samba 2:4.0.11+dfsg-1 (bookworm)

▶Debiansamba/samba< 2:4.0.11+dfsg-1+3

▶NVDsamba/samba12 versions+11

🔴Vulnerability Details

GHSA

GHSA-r2wh-x73f-g4qw: Samba 4↗2022-05-17

▶

OSV

CVE-2013-4476: Samba 4↗2013-11-13

▶

📋Vendor Advisories

Red Hat

samba: world-readable key.pem with Samba 4 AD DC↗2013-11-11

▶

Debian

CVE-2013-4476: samba - Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided ...↗2013

▶

💬Community

Bugzilla

CVE-2013-4476 samba: world-readable key.pem with Samba 4 AD DC↗2013-10-29

▶