Debian Security Advisory 2617-1

Debian Security Advisory 2617-1: Posted Feb 4, 2013; Authored by Debian | Site debian.org; Debian Linux Security Advisory 2617-1 - Jann Horn had reported two vulnerabilities in Samba, a popular cross-platform network file and printer sharing suite. In particular, these vulnerabilities affect to SWAT, the Samba Web Administration Tool.; tags | advisory, web, vulnerability; systems | linux, debian; advisories | CVE-2013-0213, CVE-2013-0214; SHA-256 | 8adb38094bd8c2d175d8da25640c3dcccc8a38365ead9b6d46cc7382794d0bdb; Download | Favorite | View

Debian Security Advisory 2617-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2617-1                   security@debian.org
http://www.debian.org/security/                             Luciano Bello
February 02, 2013                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : samba
Vulnerability  : several issues
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-0213 CVE-2013-0214

Jann Horn had reported two vulnerabilities in Samba, a popular
cross-platform network file and printer sharing suite. In particular,
these vulnerabilities affect to SWAT, the Samba Web Administration Tool.

CVE-2013-0213: Clickjacking issue in SWAT
    An attacker can integrate a SWAT page into a malicious web page via a
    frame or iframe and then overlaid by other content. If an 
    authenticated valid user interacts with this malicious web page, she 
    might perform unintended changes in the Samba settings.

CVE-2013-0214: Potential Cross-site request forgery
    An attacker can persuade a valid SWAT user, who is logged in, to
    click in a malicious link and trigger arbitrary unintended changes in
    the Samba settings.

For the stable distribution (squeeze), these problems have been fixed in
version 3.5.6~dfsg-3squeeze9.

For the testing distribution (wheezy), these problems have been fixed in
version 2:3.6.6-5.

For the unstable distribution (sid), these problems have been fixed in
version 2:3.6.6-5.

We recommend that you upgrade your samba packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAlENAmoACgkQQWTRs4lLtHmRtgCgi55rZbXQyGnZSmrffjeH37zV
tOUAoKKwc6/g5g2U7Heo6SF3DkegVq11
=R2Mp
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 239 files
Ubuntu 62 files
Debian 23 files
LiquidWorm 20 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,862)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,265)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,976)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Debian Security Advisory 2617-1

Debian Security Advisory 2617-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 2617-1

Share This

Debian Security Advisory 2617-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems