FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- Private key in key.pem world readable

Affected packages
4.0.* < samba4 < 4.0.11
4.1.* < samba41 < 4.1.1

Details

VuXML ID: 479efd57-516e-11e3-9b62-000c292e4fd8
Discovery: 2013-06-12
Entry: 2013-11-19

The Samba project reports:

Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller.

References

CVE Name: CVE-2013-4476
URL: http://www.samba.org/samba/security/CVE-2013-4476