Novell Home

CVE-2013-4476

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-4476 at MITRE

Description

Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller.

NVD CVSS v2 Base Score: 1.2 (AV:L/AC:H/Au:N/C:P/I:N/A:N)

Novell/SUSE information

Novell Bugzilla entry: 848103

SUSE Security Advisories:

© 2014 Novell