Jann Horn had reported two vulnerabilities in Samba, a popular cross-platform network file and printer sharing suite. In particular, these vulnerabilities affect to SWAT, the Samba Web Administration Tool. CVE-2013-0213: Clickjacking issue in SWAT An attacker can integrate a SWAT page into a malicious web page via a frame or iframe and then overlaid by other content. If an authenticated valid user interacts with this malicious web page, she might perform unintended changes in the Samba settings. CVE-2013-0214: Potential Cross-site request forgery An attacker can persuade a valid SWAT user, who is logged in as root, to click in a malicious link and trigger arbitrary unintended changes in the Samba settings. In order to be vulnerable, the attacker needs to know the victim's password. For the stable distribution (squeeze), these problems have been fixed in version 2:3.5.6~dfsg-3squeeze9. For the testing distribution (wheezy), these problems have been fixed in version 2:3.6.6-5. For the unstable distribution (sid), these problems have been fixed in version 2:3.6.6-5. We recommend that you upgrade your samba packages.
Jann Horn had reported two vulnerabilities in Samba, a popular cross-platform network file and printer sharing suite. In particular, these vulnerabilities affect to SWAT, the Samba Web Administration Tool.
An attacker can integrate a SWAT page into a malicious web page via a frame or iframe and then overlaid by other content. If an authenticated valid user interacts with this malicious web page, she might perform unintended changes in the Samba settings.
An attacker can persuade a valid SWAT user, who is logged in as root, to click in a malicious link and trigger arbitrary unintended changes in the Samba settings. In order to be vulnerable, the attacker needs to know the victim's password.
For the stable distribution (squeeze), these problems have been fixed in version 2:3.5.6~dfsg-3squeeze9.
For the testing distribution (wheezy), these problems have been fixed in version 2:3.6.6-5.
For the unstable distribution (sid), these problems have been fixed in version 2:3.6.6-5.
We recommend that you upgrade your samba packages.
Vulmon