Candidate: CVE-2013-4476
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4476
http://www.samba.org/samba/security/CVE-2013-4476
http://www.samba.org/samba/history/samba-4.1.1.html
http://www.samba.org/samba/history/samba-4.0.11.html
Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is
provided over SSL, uses world-readable permissions for a private key, which
allows local users to obtain sensitive information by reading the key file,
as demonstrated by access to the local filesystem on an AD domain
mdeslaur> Doesn't apply to 3.x
Discovered-by: Stefan Metzmacher, Björn Baumbach
upstream: http://www.samba.org/samba/ftp/patches/security/samba-4.1.0-CVE-2013-4475-CVE-2013-4476.patch (4.1.0)
upstream: http://www.samba.org/samba/ftp/patches/security/samba-4.0.10-CVE-2013-4475-CVE-2013-4476.patch (4.0.10)
upstream_samba4: released (4.0.11, 4.1.1)
lucid_samba4: ignored (reached end-of-life)
precise_samba4: ignored (reached end-of-life)
precise/esm_samba4: DNE (precise was needed)
quantal_samba4: ignored (reached end-of-life)
raring_samba4: ignored (reached end-of-life)
saucy_samba4: ignored (reached end-of-life)
vivid/stable-phone-overlay_samba4: DNE
vivid/ubuntu-core_samba4: DNE
upstream_samba: not-affected
lucid_samba: not-affected
precise_samba: not-affected
precise/esm_samba: not-affected
quantal_samba: not-affected
raring_samba: not-affected
saucy_samba: not-affected
trusty_samba: not-affected
utopic_samba: not-affected
vivid_samba: not-affected
vivid/stable-phone-overlay_samba: DNE
vivid/ubuntu-core_samba: DNE
wily_samba: not-affected
xenial_samba: not-affected
yakkety_samba: not-affected
zesty_samba: not-affected
devel_samba: not-affected