Twenty Year Anniversary
Showing 1 - 7 of 7 RSS Feed

CVE-2013-0214

Status Candidate

Overview

Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions.

Related Files

HP Security Bulletin HPSBUX03574 1
Posted May 11, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03574 1 - Potential security vulnerabilities have been identified with HP-UX CIFS-Server (Samba). The vulnerabilities could be exploited remotely to cause access restriction bypass, authentication bypass, Denial of Service (DoS), unauthorized access to files, access restriction bypass, or unauthorized information disclosure. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability, info disclosure
systems | hpux
advisories | CVE-2013-0213, CVE-2013-0214, CVE-2013-4475, CVE-2013-4496, CVE-2014-0178, CVE-2014-0244, CVE-2014-3493, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299
MD5 | f01fb9a03c992de3ed9c82daad434793
Ubuntu Security Notice USN-2922-1
Posted Mar 8, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2922-1 - Jeremy Allison discovered that Samba incorrectly handled ACLs on symlink paths. A remote attacker could use this issue to overwrite the ownership of ACLs using symlinks. Garming Sam and Douglas Bagnall discovered that the Samba internal DNS server incorrectly handled certain DNS TXT records. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly obtain uninitialized memory contents. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 15.10. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-0213, CVE-2013-0214, CVE-2015-7560, CVE-2016-0771
MD5 | 98860463e6725dbcd67a3c7e0fe578e5
Red Hat Security Advisory 2014-0305-01
Posted Mar 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0305-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. A flaw was found in the Cross-Site Request Forgery protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user.

tags | advisory, remote, web, protocol, csrf
systems | linux, redhat
advisories | CVE-2013-0213, CVE-2013-0214, CVE-2013-4124
MD5 | 12dc7ea867e1c2cff6d59aad29d1e59f
Red Hat Security Advisory 2013-1542-02
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1542-02 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. A flaw was found in the Cross-Site Request Forgery protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user.

tags | advisory, remote, web, protocol, csrf
systems | linux, redhat
advisories | CVE-2013-0213, CVE-2013-0214, CVE-2013-4124
MD5 | 6a7383ebdc759a888e2d5c08af123088
Red Hat Security Advisory 2013-1310-01
Posted Oct 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1310-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. A flaw was found in the Cross-Site Request Forgery protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user.

tags | advisory, remote, web, protocol, csrf
systems | linux, redhat
advisories | CVE-2013-0213, CVE-2013-0214, CVE-2013-4124
MD5 | dffe8b1421cf3599761ed01211221249
Mandriva Linux Security Advisory 2013-011
Posted Feb 13, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-011 - The Samba Web Administration Tool in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a IFRAME element. Cross-site request forgery vulnerability in the Samba Web Administration Tool in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions. The updated packages have been patched to correct these issues.

tags | advisory, remote, web, arbitrary, csrf
systems | linux, mandriva
advisories | CVE-2013-0213, CVE-2013-0214
MD5 | 1bf075c83151d2b9f90b88d0bd6c2353
Debian Security Advisory 2617-1
Posted Feb 4, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2617-1 - Jann Horn had reported two vulnerabilities in Samba, a popular cross-platform network file and printer sharing suite. In particular, these vulnerabilities affect to SWAT, the Samba Web Administration Tool.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2013-0213, CVE-2013-0214
MD5 | d4a3382e09b4f3cba80c0770f719b026
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

August 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    19 Files
  • 2
    Aug 2nd
    17 Files
  • 3
    Aug 3rd
    16 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    1 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    15 Files
  • 8
    Aug 8th
    9 Files
  • 9
    Aug 9th
    7 Files
  • 10
    Aug 10th
    10 Files
  • 11
    Aug 11th
    1 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    14 Files
  • 14
    Aug 14th
    18 Files
  • 15
    Aug 15th
    38 Files
  • 16
    Aug 16th
    16 Files
  • 17
    Aug 17th
    22 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close