// For flags

CVE-2013-4476

Slackware Security Advisory - samba Updates

Severity Score

5.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller.

Samba 4.0.x anteriores a 4.0.11 y 4.1.x anteriores a 4.1.1, cuando LDAP o HTTP se proporcionan sobre SSL, utilizan permisos de lectura globales para una clave privada, lo cual permite a ususarios locales obtener informaciĆ³n sensible mediante la lectura del fichero de la clave, como demostrado al acceder al sistema de ficheros local en un controlador de dominio AD.

Multiple vulnerabilities have been found in Samba, the worst of which allowing a context-dependent attacker to bypass intended file restrictions, cause a Denial of Service or execute arbitrary code. Versions less than 3.6.25 are affected.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Local
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-06-12 CVE Reserved
  • 2013-11-13 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-310: Cryptographic Issues
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 4.0.0
Search vendor "Samba" for product "Samba" and version "4.0.0"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 4.0.1
Search vendor "Samba" for product "Samba" and version "4.0.1"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 4.0.2
Search vendor "Samba" for product "Samba" and version "4.0.2"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 4.0.3
Search vendor "Samba" for product "Samba" and version "4.0.3"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 4.0.4
Search vendor "Samba" for product "Samba" and version "4.0.4"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 4.0.5
Search vendor "Samba" for product "Samba" and version "4.0.5"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 4.0.6
Search vendor "Samba" for product "Samba" and version "4.0.6"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 4.0.7
Search vendor "Samba" for product "Samba" and version "4.0.7"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 4.0.8
Search vendor "Samba" for product "Samba" and version "4.0.8"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 4.0.9
Search vendor "Samba" for product "Samba" and version "4.0.9"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 4.0.10
Search vendor "Samba" for product "Samba" and version "4.0.10"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 4.1.0
Search vendor "Samba" for product "Samba" and version "4.1.0"
-
Affected