CVE-2013-4425

Published Nov 18, 2013
Last updated 7 years ago
CVSS info 1.9
Overview

Description: The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to obtain the private key.
Source: secalert@redhat.com
NVD status: Modified
Risk scores

CVSS 2.0

Type: Primary
Base score: 1.9
Impact score: 2.9
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:P/I:N/A:N
Weaknesses

nvd@nist.gov: CWE-255
Hype score: Not currently trending
Evaluator

Comment: According to several reference links Osirix MD before 2.8 are vulnerable http://www.securityfocus.com/bid/63566/discuss http://archives.neohapsis.com/archives/bugtraq/2013-11/0029.html
Impact: -
Solution: -
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4ACA57B1-0AE6-4E58-A7C2-5B46DF2B0D46",
            "versionEndIncluding": "5.7"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "631075E1-6A87-4A2D-A3EA-C3DBA963F8F1"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "981FC72F-2DCA-4D7E-8CDF-9ED2AB2F0474"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD7E9F6E-4E6F-4979-BEDF-18F92412623E"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:1.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CAA1942D-169B-4B5B-AE4B-F842BA7ADF8B"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "760D1BA0-2018-4DB2-9426-A4E9EA634A49"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2AB9703-567E-435E-A022-DF0A5292CE26"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96802751-1914-40DA-AEB8-CED296A751A1"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7CF62F8-F92C-4B52-A3BF-63C377688B44"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:1.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0210D44-C254-4467-90FB-C7CC370F50FE"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:1.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88EDF921-80B6-4F7F-A93B-0049D6F051BD"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "697FBDAC-6A72-4BCD-B787-AB0FC2D718D7"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:1.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "465C5E82-3B85-478C-B471-C00F4388686A"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:1.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "867BFEA0-F910-4D99-B10E-1E46AF074339"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:1.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "306F9D56-21B3-4A97-9C36-85092D534C84"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:1.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "852F304B-89AD-40C5-8050-7B8F2A9E1B70"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED266897-E426-4BEC-A4D9-D9802277EB6A"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:1.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFA8659D-175A-4A46-A426-0BC47C12C169"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "167E5338-D231-4EFF-B66C-565A93B3855B"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0160C3FC-6BFC-4323-BD06-CE177CD92431"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96D8F007-7A4C-4D61-8EC2-B99FCF7A4CE1"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3584D9B-3F0D-4A2E-B971-B3732AFEAA98"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:2.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A68C0BB7-E405-49E1-A43C-24E9C6E9AFC8"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B924D71-358B-4D97-845A-DA1D7B89A242"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "181C32F3-C620-493B-98CC-FF792BD34FFC"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB80517C-82E8-4D4D-9921-C89D9D15EE10"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:2.7.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "094B03AB-2C13-46CB-8C4A-759A97BA5AF9"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0ED8E46-A943-4D27-9B66-96206A12CD99"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67B25A19-9112-44FE-B877-4F6159476EA1"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:3.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DC6606E-BD41-4AE3-87CE-A1F3B0EABD8B"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96B8A72A-8239-430C-8F69-E94A9540E8FE"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDC3A980-7E84-4960-8FA3-A21D786A8ECD"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CAD5D0CD-9688-409E-A9A9-BE3B75775EC9"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:3.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27EFD0EE-3BC1-4269-9FE5-20B12D0B3BB4"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:3.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "877E8EE1-7A54-4D0E-BAC4-A08F3E483CA2"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:3.9.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "872EADD2-FD26-4B3E-BFE5-003A415C8761"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FB7942E-C334-41B8-B3E0-C86FDD45C250"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:4.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA5FD5A4-5F88-49BA-B752-E56CD247A2AD"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:5.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6EE898E-365C-4C89-8889-ED14AC1000AC"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:5.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A8DF990-449D-43E8-8E4E-EF1B1EE82AC3"
          },
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix:5.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BBD6CF2-A7C4-4F8C-B3A2-51BC54B73598"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:osirix-viewer:osirix_md:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83BAC0F7-4CDA-4D8F-ADBD-FF01647A58C8",
            "versionEndIncluding": "2.7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References
