ID CVE-2013-4425
Summary The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to obtain the private key. According to several reference links, OsiriX MD versions before 2.8 are vulnerable: http://www.securityfocus.com/bid/63566/discuss http://archives.neohapsis.com/archives/bugtraq/2013-11/0029.html
References
Vulnerable Configurations
  • cpe:2.3:a:osirix-viewer:osirix:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:1.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:1.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:1.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:1.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:2.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:3.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:3.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:3.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:4.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:5.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:5.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix:5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:osirix-viewer:osirix_md:2.7:*:*:*:*:*:*:*
CVSS
Base: 1.9 (as of 29-08-2017 - 01:33)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
Vector: LOCAL
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:L/AC:M/Au:N/C:P/I:N/A:N
refmap via4
bid 63566
bugtraq 20131106 CVE-2013-4425: Private key disclosure, Osirix (lite, 64bit and FDA cleader version) (Medical Application)
osvdb 99518
xf osirix-cve20134425-info-disc(88606)
Last major update 29-08-2017 - 01:33
Published 18-11-2013 - 02:55
Last modified 29-08-2017 - 01:33