CVE-2013-4476
Samba 4.0.x < 4.0.11 and 4.1.x < 4.1.1 - Unprotected Private Key Exposure via World-Readable Permissions
Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when serving LDAP or HTTP over SSL/TLS, create the server's TLS private key file with world-readable permissions. Any local user on the host can therefore read the file and obtain the private key; the demonstrated case is an account with access to the local filesystem on an AD domain controller.
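The check a practitioner wants here is whether the key file is still exposed on a given host, and a fix that leaves no group or other bits on it. The script below is an added example, not code from Samba or from the advisory. It assumes the affected file is the TLS key Samba keeps under its private directory, taken here as $SAMBA_PRIVATE_DIR/tls/key.pem with a default of /var/lib/samba/private; that path is an assumption, not something this page states, and a site with a non-default private dir should pass its own path.

```shell
#!/bin/sh
# Added example (not Samba's code): audit and repair the permissions of the
# AD DC TLS private key that CVE-2013-4476 left world-readable.
#
# Assumptions not stated on this page:
#   - the key is $SAMBA_PRIVATE_DIR/tls/key.pem, default /var/lib/samba/private
#   - stat(1) is GNU (stat -c) or BSD (stat -f)

# Print the octal permission bits of a file, e.g. "644".
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Exit status: 0 = only the owner can access the key,
#              1 = group or other has some access (the CVE-2013-4476 condition),
#              2 = file is missing.
check_key_perms() {
    f="$1"
    [ -f "$f" ] || return 2
    mode=$(key_mode "$f")
    # Left-pad so the last two digits are always the group and other triplets
    # (handles "644", "40", "4", and a leading setuid/setgid digit alike).
    while [ "${#mode}" -lt 4 ]; do mode="0$mode"; done
    go=${mode#??}
    [ "$go" = "00" ]
}

# Strip group/other access and re-check. Note that tightening the mode does
# not undo an exposure that already happened; a key that has been readable
# by other local users should be treated as compromised and rotated.
fix_key_perms() {
    chmod 600 "$1" && check_key_perms "$1"
}

# Audit one key path and report; exit status follows check_key_perms.
audit_samba_tls() {
    key="${1:-${SAMBA_PRIVATE_DIR:-/var/lib/samba/private}/tls/key.pem}"
    check_key_perms "$key"
    rc=$?
    case "$rc" in
        0) echo "ok: $key mode $(key_mode "$key")" ;;
        1) echo "EXPOSED: $key mode $(key_mode "$key") is accessible to other local users (CVE-2013-4476); fix with: chmod 600 $key" ;;
        2) echo "missing: $key (not an AD DC, or a non-default private dir?)" ;;
    esac
    return "$rc"
}

# Run the audit only when a path is given on the command line, so sourcing
# this file just defines the functions.
if [ "$#" -gt 0 ]; then
    audit_samba_tls "$1"
fi
```

Usage: `sh audit-samba-tls.sh /var/lib/samba/private/tls/key.pem`; a non-zero exit means the key is exposed (1) or not found (2). The check keys off the permission bits alone because a key that is group- or world-readable is exposed to every local account regardless of what else is on the host.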
References (6)
Release notes, Samba 4.1.1: http://www.samba.org/samba/history/samba-4.1.1.html
Release notes, Samba 4.0.11: http://www.samba.org/samba/history/samba-4.0.11.html
Gentoo GLSA 201502-15 (third-party advisory): http://security.gentoo.org/glsa/glsa-201502-15.xml
openSUSE update announcement, November 2013: http://lists.opensuse.org/opensuse-updates/2013-11/msg00083.html
openSUSE update announcement, December 2013: http://lists.opensuse.org/opensuse-updates/2013-12/msg00088.html
Samba security advisory for CVE-2013-4476 (vendor advisory): http://www.samba.org/samba/security/CVE-2013-4476
Scores
EPSS: 0.0023 (45.2th percentile)
Details
CWE: CWE-310 (Cryptographic Issues)
Status: published
Products (12)
samba/samba: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, ... and 2 more
Published: Nov 13, 2013
Tracked Since: Feb 18, 2026