Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.1
CVE Id CVE-2013-0214
Last Modified 20 May 2015 09:59:05
Published 02 Feb 2013 03:55:03
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2013-0214

Summary

Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions.

Vulnerable Systems

Application

  • Samba 3.0

  • Samba 3.0.0

  • Samba 3.0.1

  • Samba 3.0.10

  • Samba 3.0.11

  • Samba 3.0.12

  • Samba 3.0.13

  • Samba 3.0.14

  • Samba 3.0.14a

  • Samba 3.0.15

  • Samba 3.0.16

  • Samba 3.0.17

  • Samba 3.0.18

  • Samba 3.0.19

  • Samba 3.0.2

  • Samba 3.0.20

  • Samba 3.0.20a

  • Samba 3.0.20b

  • Samba 3.0.21

  • Samba 3.0.21a

  • Samba 3.0.21b

  • Samba 3.0.21c

  • Samba 3.0.22

  • Samba 3.0.23

  • Samba 3.0.23a

  • Samba 3.0.23b

  • Samba 3.0.23c

  • Samba 3.0.23d

  • Samba 3.0.24

  • Samba 3.0.25

  • Samba 3.0.25a

  • Samba 3.0.25b

  • Samba 3.0.25c

  • Samba 3.0.26

  • Samba 3.0.26a

  • Samba 3.0.27

  • Samba 3.0.28

  • Samba 3.0.29

  • Samba 3.0.2a

  • Samba 3.0.3

  • Samba 3.0.30

  • Samba 3.0.31

  • Samba 3.0.32

  • Samba 3.0.33

  • Samba 3.0.34

  • Samba 3.0.35

  • Samba 3.0.36

  • Samba 3.0.37

  • Samba 3.0.4

  • Samba 3.0.5

  • Samba 3.0.6

  • Samba 3.0.7

  • Samba 3.0.8

  • Samba 3.0.9

  • Samba 3.1

  • Samba 3.2.0

  • Samba 3.2.1

  • Samba 3.2.10

  • Samba 3.2.11

  • Samba 3.2.12

  • Samba 3.2.13

  • Samba 3.2.14

  • Samba 3.2.15

  • Samba 3.2.2

  • Samba 3.2.3

  • Samba 3.2.4

  • Samba 3.2.5

  • Samba 3.2.6

  • Samba 3.2.7

  • Samba 3.2.8

  • Samba 3.2.9

  • Samba 3.3.0

  • Samba 3.3.1

  • Samba 3.3.10

  • Samba 3.3.11

  • Samba 3.3.12

  • Samba 3.3.13

  • Samba 3.3.14

  • Samba 3.3.15

  • Samba 3.3.16

  • Samba 3.3.2

  • Samba 3.3.3

  • Samba 3.3.4

  • Samba 3.3.5

  • Samba 3.3.6

  • Samba 3.3.7

  • Samba 3.3.8

  • Samba 3.3.9

  • Samba 3.4.0

  • Samba 3.4.1

  • Samba 3.4.10

  • Samba 3.4.11

  • Samba 3.4.12

  • Samba 3.4.13

  • Samba 3.4.14

  • Samba 3.4.15

  • Samba 3.4.16

  • Samba 3.4.17

  • Samba 3.4.2

  • Samba 3.4.3

  • Samba 3.4.4

  • Samba 3.4.5

  • Samba 3.4.6

  • Samba 3.4.7

  • Samba 3.4.8

  • Samba 3.4.9

  • Samba 3.5.0

  • Samba 3.5.1

  • Samba 3.5.10

  • Samba 3.5.11

  • Samba 3.5.12

  • Samba 3.5.13

  • Samba 3.5.14

  • Samba 3.5.15

  • Samba 3.5.16

  • Samba 3.5.17

  • Samba 3.5.18

  • Samba 3.5.19

  • Samba 3.5.2

  • Samba 3.5.20

  • Samba 3.5.3

  • Samba 3.5.4

  • Samba 3.5.5

  • Samba 3.5.6

  • Samba 3.5.7

  • Samba 3.5.8

  • Samba 3.5.9

  • Samba 3.6.0

  • Samba 3.6.1

  • Samba 3.6.10

  • Samba 3.6.11

  • Samba 3.6.2

  • Samba 3.6.3

  • Samba 3.6.4

  • Samba 3.6.5

  • Samba 3.6.6

  • Samba 3.6.7

  • Samba 3.6.8

  • Samba 3.6.9

  • Samba 4.0.0

  • Samba 4.0.1


References

CONFIRM - http://www.samba.org/samba/security/CVE-2013-0214

DEBIAN - DSA-2617

SUSE - openSUSE-SU-2013:0281

SUSE - openSUSE-SU-2013:0277

SUSE - SUSE-SU-2013:0326

SUSE - SUSE-SU-2013:0519

REDHAT - RHSA-2013:1310

REDHAT - RHSA-2013:1542

REDHAT - RHSA-2014:0305

OSVDB - 89627

Related Patches

SUN119757-27 Solaris 10 SPARC: Samba patch (Rev 2)

SUN119758-27 Solaris 10 x86: Samba patch (Rev 2)


Last Updated: 27 May 2016 11:01:46