mirror of https://git.FreeBSD.org/ports.git synced 2024-12-23 04:23:08 +00:00

Add entries about CVE-2013-4475 and CVE-2013-4476 for net/samba* ports.

Timur I. Bakeyev 2013-11-19 23:11:40 +00:00
parent 02e619a5d8
commit 5e5d7b5345
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=334362

@ -51,6 +51,87 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="479efd57-516e-11e3-9b62-000c292e4fd8">
<topic>samba -- Private key in key.pem world readable</topic>
<affects>
<package>
<name>samba4</name>
<range><gt>4.0.*</gt><lt>4.0.11</lt></range>
</package>
<package>
<name>samba41</name>
<range><gt>4.1.*</gt><lt>4.1.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Samba project reports:</p>
<blockquote cite="http://www.samba.org/samba/security/CVE-2013-4476">
<p>Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is
provided over SSL, uses world-readable permissions for a private key,
which allows local users to obtain sensitive information by reading the
key file, as demonstrated by access to the local filesystem on an AD
domain controller.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2013-4476</cvename>
<url>http://www.samba.org/samba/security/CVE-2013-4476</url>
</references>
<dates>
<discovery>2013-06-12</discovery>
<entry>2013-11-19</entry>
</dates>
</vuln>
<vuln vid="a4f08579-516c-11e3-9b62-000c292e4fd8">
<topic>samba -- ACLs are not checked on opening an alternate data stream on a file or directory</topic>
<affects>
<package>
<name>samba34</name>
<range><gt>0</gt></range>
</package>
<package>
<name>samba35</name>
<range><gt>0</gt></range>
</package>
<package>
<name>samba36</name>
<range><gt>3.6.*</gt><lt>3.6.20</lt></range>
</package>
<package>
<name>samba4</name>
<range><gt>4.0.*</gt><lt>4.0.11</lt></range>
</package>
<package>
<name>samba41</name>
<range><gt>4.1.*</gt><lt>4.1.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Samba project reports:</p>
<blockquote cite="http://www.samba.org/samba/security/CVE-2013-4475">
<p>Samba versions 3.2.0 and above (all versions of 3.2.x, 3.3.x,
3.4.x, 3.5.x, 3.6.x, 4.0.x and 4.1.x) do not check the underlying
file or directory ACL when opening an alternate data stream.</p>
<p>According to the SMB1 and SMB2+ protocols the ACL on an underlying
file or directory should control what access is allowed to alternate
data streams that are associated with the file or directory.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2013-4475</cvename>
<url>http://www.samba.org/samba/security/CVE-2013-4475</url>
</references>
<dates>
<discovery>2013-06-12</discovery>
<entry>2013-11-19</entry>
</dates>
</vuln>
<vuln vid="94b6264a-5140-11e3-8b22-f0def16c5c1b">
<topic>nginx -- Request line parsing vulnerability</topic>
<affects>
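Review bot: In the a4f08579 entry, samba34 and samba35 are given as <range><gt>0</gt></range> with no upper bound, so every version of those two ports is marked affected and will stay flagged indefinitely. The quoted advisory text does say all 3.4.x and 3.5.x releases are affected, but nothing in the entry tells the reader that this open range is deliberate; a short paragraph in the body, outside the blockquote, stating that no fixed release is listed for those branches would make the intent clear. In the 479efd57 entry the topic names key.pem, yet the description never says where that file lives or what an administrator should check on an installed system, so consider adding the path and the expected permissions as given in the cited advisory. Both entries also carry the same discovery date, 2013-06-12, five months before the entry date of 2013-11-19; please confirm that date against the two advisories referenced in the url elements.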