Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Samba ‘key.pem’本地不安全文件权限漏洞
Vulnerability Description
Samba是Samba团队开发的一套可使UNIX系列的操作系统与微软Windows操作系统的SMB/CIFS网络协议做连结的自由软件。该软件支持共享打印机、互相传输资料文件等。 Samba 4.0.11之前的4.0.x版本和4.1.1之前的4.1.x版本中存在漏洞,该漏洞源于当提供LDAP或HTTP服务时,程序对SSL的加密私钥使用全局可读权限。本地用户可通过读取key文件利用该漏洞获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A