FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- Private key in key.pem world readable

Affected packages
4.0.* < samba4 < 4.0.11
4.1.* < samba41 < 4.1.1

Details

VuXML ID 479efd57-516e-11e3-9b62-000c292e4fd8
Discovery 2013-06-12
Entry 2013-11-19

The Samba project reports:

Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller.

[source]

References

CVE Name CVE-2013-4476
URL http://www.samba.org/samba/security/CVE-2013-4476

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.