Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2013-4476

EPSS 0.23% · P45
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2013-4476

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Samba ‘key.pem’本地不安全文件权限漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Samba是Samba团队开发的一套可使UNIX系列的操作系统与微软Windows操作系统的SMB/CIFS网络协议做连结的自由软件。该软件支持共享打印机、互相传输资料文件等。 Samba 4.0.11之前的4.0.x版本和4.1.1之前的4.1.x版本中存在漏洞,该漏洞源于当提供LDAP或HTTP服务时,程序对SSL的加密私钥使用全局可读权限。本地用户可通过读取key文件利用该漏洞获取敏感信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2013-4476

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2013-4476

登录查看更多情报信息。

Same Patch Batch · n/a · 2013-11-13 · 49 CVEs total

CVE-2013-3887Microsoft Windows 辅助功能驱动程序信息泄露漏洞
CVE-2013-3908Microsoft Internet Explorer 信息泄露漏洞
CVE-2013-3910Microsoft Internet Explorer 内存损坏漏洞
CVE-2013-3915Microsoft Internet Explorer 内存损坏漏洞
CVE-2013-3916Microsoft Internet Explorer 内存损坏漏洞
CVE-2013-3917Microsoft Internet Explorer 内存损坏漏洞
CVE-2013-3940Microsoft Windows 图形设备接口整数溢出漏洞
CVE-2013-6789SilverStripe 信息泄露漏洞
CVE-2013-3914Microsoft Internet Explorer 内存损坏漏洞
CVE-2013-3898Microsoft Windows 地址损坏漏洞
CVE-2013-3905Microsoft Outlook S/MIME AIA 漏洞
CVE-2013-3869Microsoft Windows 数字签名漏洞
CVE-2013-2653SilverStripe ‘MemberLoginForm.php’信息泄露漏洞
CVE-2013-1325Microsoft Office Word堆覆盖漏洞
CVE-2013-1324Microsoft Office Word堆栈缓冲区覆盖漏洞
CVE-2013-0082Microsoft Office WPD文件格式内存损坏漏洞
CVE-2013-5330Adobe Flash Player和Adobe AIR 缓冲区溢出漏洞
CVE-2013-5329Adobe Flash Player和Adobe AIR 缓冲区溢出漏洞
CVE-2013-5328Adobe ColdFusion 权限许可和访问控制问题漏洞
CVE-2013-5326Adobe ColdFusion 跨站脚本漏洞

Showing top 20 of 49 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2013-4476

No comments yet

Leave a comment