Mandriva Linux Security Advisory 2013-011 - The Samba Web Administration Tool in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via an IFRAME element. Cross-site request forgery vulnerability in the Samba Web Administration Tool in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions. The updated packages have been patched to correct these issues.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:011
https://www.mandriva.com/security/
_______________________________________________________________________
Package : samba
Date : February 13, 2013
Affected: 2011., Enterprise Server 5.0
_______________________________________________________________________
Problem Description:

Multiple vulnerabilities have been found and corrected in samba (swat):

The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21,
3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to
conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element
(CVE-2013-0213).

Cross-site request forgery (CSRF) vulnerability in the Samba Web
Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before
3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the
authentication of arbitrary users by leveraging knowledge of a password
and composing requests that perform SWAT actions (CVE-2013-0214).

The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0213
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0214
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2011:
6db013b5a435ada0bd8cbf75aad579c9 2011/i586/libnetapi0-3.5.10-1.4-mdv2011.0.i586.rpm
c15352a46ae6cf6ebfdeb32c40cc0c28 2011/i586/libnetapi-devel-3.5.10-1.4-mdv2011.0.i586.rpm
fd084b90daafdb3c5a3d8e11c9a6f48e 2011/i586/libsmbclient0-3.5.10-1.4-mdv2011.0.i586.rpm
ac5b8663b8134130ed5b0e0c3317a6d0 2011/i586/libsmbclient0-devel-3.5.10-1.4-mdv2011.0.i586.rpm
5218f98832a6e3d5539d9291d4bcb9c6 2011/i586/libsmbclient0-static-devel-3.5.10-1.4-mdv2011.0.i586.rpm
ca5ec5303c853b60690bc55b8c3bb11e 2011/i586/libsmbsharemodes0-3.5.10-1.4-mdv2011.0.i586.rpm
df655d84b95e65c04094fc9de5f67374 2011/i586/libsmbsharemodes-devel-3.5.10-1.4-mdv2011.0.i586.rpm
a08232624445575b64cd150b586bdd4f 2011/i586/libwbclient0-3.5.10-1.4-mdv2011.0.i586.rpm
a2c1891f7535486078fedd3b494ea35a 2011/i586/libwbclient-devel-3.5.10-1.4-mdv2011.0.i586.rpm
9717c8ae84e8d733ab92e1e97832cb03 2011/i586/mount-cifs-3.5.10-1.4-mdv2011.0.i586.rpm
9f462089bf495a1385f9595be8f38a4b 2011/i586/nss_wins-3.5.10-1.4-mdv2011.0.i586.rpm
bda6ed4ba70f3de2c84af5cea1fb1753 2011/i586/samba-client-3.5.10-1.4-mdv2011.0.i586.rpm
fd24724fbca4f7261441d705bb4deefe 2011/i586/samba-common-3.5.10-1.4-mdv2011.0.i586.rpm
298e0b0d7f8112fcfd5389167d4aa116 2011/i586/samba-doc-3.5.10-1.4-mdv2011.0.noarch.rpm
18a97a0732bd6a325a43651772372b93 2011/i586/samba-domainjoin-gui-3.5.10-1.4-mdv2011.0.i586.rpm
d78840021cb9c2e337d351ae2a5e28f1 2011/i586/samba-server-3.5.10-1.4-mdv2011.0.i586.rpm
cfccaf5cea2f8b13c0bd11b1deb840d5 2011/i586/samba-swat-3.5.10-1.4-mdv2011.0.i586.rpm
3f8f4066d31e06245057d8c6ff220d82 2011/i586/samba-winbind-3.5.10-1.4-mdv2011.0.i586.rpm
0daa824cde5e03439510446ff051278a 2011/SRPMS/samba-3.5.10-1.4.src.rpm
Mandriva Linux 2011/X86_64:
3f044d5ee408e0dfca4e01745775157c 2011/x86_64/lib64netapi0-3.5.10-1.4-mdv2011.0.x86_64.rpm
b421666a4ec8aec341f3610e8d8afa31 2011/x86_64/lib64netapi-devel-3.5.10-1.4-mdv2011.0.x86_64.rpm
737222348522a66313156a9ca4a4dc80 2011/x86_64/lib64smbclient0-3.5.10-1.4-mdv2011.0.x86_64.rpm
714cb04ab58729c81a636ee34b13f69c 2011/x86_64/lib64smbclient0-devel-3.5.10-1.4-mdv2011.0.x86_64.rpm
b50f5d7e44a50af4d8864b9af6c3474e 2011/x86_64/lib64smbclient0-static-devel-3.5.10-1.4-mdv2011.0.x86_64.rpm
8d683f397cfa3a296636c1aa2f3c04fe 2011/x86_64/lib64smbsharemodes0-3.5.10-1.4-mdv2011.0.x86_64.rpm
ba6ff1a2e120671055963982e91d6cbb 2011/x86_64/lib64smbsharemodes-devel-3.5.10-1.4-mdv2011.0.x86_64.rpm
a60211a6f145e5a1ad5e2cf53fff00ef 2011/x86_64/lib64wbclient0-3.5.10-1.4-mdv2011.0.x86_64.rpm
db7fb0112482c2d6d876875d82783891 2011/x86_64/lib64wbclient-devel-3.5.10-1.4-mdv2011.0.x86_64.rpm
d308c1fb14b28e7e5d11751e335850c7 2011/x86_64/mount-cifs-3.5.10-1.4-mdv2011.0.x86_64.rpm
4ecd920c885bc488f588583bafc5309c 2011/x86_64/nss_wins-3.5.10-1.4-mdv2011.0.x86_64.rpm
1e4912e503c2605396912d5b1cf7d3df 2011/x86_64/samba-client-3.5.10-1.4-mdv2011.0.x86_64.rpm
692860bddb8c29b4c6346b9f629492d7 2011/x86_64/samba-common-3.5.10-1.4-mdv2011.0.x86_64.rpm
2a9cd80a395684648cf39a87be91e1a6 2011/x86_64/samba-doc-3.5.10-1.4-mdv2011.0.noarch.rpm
0709f4f6c4d558988c91c53f81ec2019 2011/x86_64/samba-domainjoin-gui-3.5.10-1.4-mdv2011.0.x86_64.rpm
f7a2b292435ddcc9dd65cb8cf8fbb1dc 2011/x86_64/samba-server-3.5.10-1.4-mdv2011.0.x86_64.rpm
cb7b14c758d14c66a386c0b12a88f2a9 2011/x86_64/samba-swat-3.5.10-1.4-mdv2011.0.x86_64.rpm
2d2454f87d6a3abeb2c3425cb7cd0444 2011/x86_64/samba-winbind-3.5.10-1.4-mdv2011.0.x86_64.rpm
0daa824cde5e03439510446ff051278a 2011/SRPMS/samba-3.5.10-1.4.src.rpm
Mandriva Enterprise Server 5:
be19a4f4a8b74f24e1aa7f67f63f571c mes5/i586/libnetapi0-3.3.12-0.11mdvmes5.2.i586.rpm
10f5accdadbef81987db876c4de5dead mes5/i586/libnetapi-devel-3.3.12-0.11mdvmes5.2.i586.rpm
a81f1317b39c476f799ad590aac319de mes5/i586/libsmbclient0-3.3.12-0.11mdvmes5.2.i586.rpm
7bfa0d6c08099da0e636daa65df26776 mes5/i586/libsmbclient0-devel-3.3.12-0.11mdvmes5.2.i586.rpm
89c58c63ab9372bd72af479c50d95c44 mes5/i586/libsmbclient0-static-devel-3.3.12-0.11mdvmes5.2.i586.rpm
3a0fdb0a5482e8422fe045b374f1708f mes5/i586/libsmbsharemodes0-3.3.12-0.11mdvmes5.2.i586.rpm
d311c9ac3ede016b5e372a22c52c70fd mes5/i586/libsmbsharemodes-devel-3.3.12-0.11mdvmes5.2.i586.rpm
503c8aa874af178408c8fd970d4db84d mes5/i586/libtalloc1-3.3.12-0.11mdvmes5.2.i586.rpm
50bfda07dcea421f9470885c83ef17c7 mes5/i586/libtalloc-devel-3.3.12-0.11mdvmes5.2.i586.rpm
30e840ed8ea8854181a1428a4eb5e020 mes5/i586/libtdb1-3.3.12-0.11mdvmes5.2.i586.rpm
de440f6cbcd2a9ad6e84dd25b986a16d mes5/i586/libtdb-devel-3.3.12-0.11mdvmes5.2.i586.rpm
b1eb0d27b547e9b7b4ea073d58862d5d mes5/i586/libwbclient0-3.3.12-0.11mdvmes5.2.i586.rpm
839e95288699fc4c2b1a7c9cb571332f mes5/i586/libwbclient-devel-3.3.12-0.11mdvmes5.2.i586.rpm
5c69caa8d771b991694e1c8e60b92e59 mes5/i586/mount-cifs-3.3.12-0.11mdvmes5.2.i586.rpm
9b71cab4d3885f70b45e0c00565659df mes5/i586/nss_wins-3.3.12-0.11mdvmes5.2.i586.rpm
ac9a03903932ec6b5d7d2e55838a44d6 mes5/i586/samba-client-3.3.12-0.11mdvmes5.2.i586.rpm
ce5892a23c0fd1d918a28755f610c18e mes5/i586/samba-common-3.3.12-0.11mdvmes5.2.i586.rpm
3a90bdf522a33011b30af17f4f14c7ef mes5/i586/samba-doc-3.3.12-0.11mdvmes5.2.i586.rpm
6ffa2ac33dae9b28ed9ba2245e1c36d5 mes5/i586/samba-server-3.3.12-0.11mdvmes5.2.i586.rpm
42d7e185c0de24f19e41b621184ffad2 mes5/i586/samba-swat-3.3.12-0.11mdvmes5.2.i586.rpm
783f7b52940f8f11c56f8b7a97f39f30 mes5/i586/samba-winbind-3.3.12-0.11mdvmes5.2.i586.rpm
35d2ee499ef3df0bb9373d071d0693d4 mes5/SRPMS/samba-3.3.12-0.11mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
39fc6cdd82c1a7b3080b91f99244c670 mes5/x86_64/lib64netapi0-3.3.12-0.11mdvmes5.2.x86_64.rpm
ae253c529c53dcb9707f8dea9a771eba mes5/x86_64/lib64netapi-devel-3.3.12-0.11mdvmes5.2.x86_64.rpm
29676178fe82b68c035835f83031cdfb mes5/x86_64/lib64smbclient0-3.3.12-0.11mdvmes5.2.x86_64.rpm
f75dbfe5488dfaab26a79051e7c2fc03 mes5/x86_64/lib64smbclient0-devel-3.3.12-0.11mdvmes5.2.x86_64.rpm
9c2560d04d3d78be84c82828412015dd mes5/x86_64/lib64smbclient0-static-devel-3.3.12-0.11mdvmes5.2.x86_64.rpm
fbf1eef5913ba47abd8ac6ae5a262b0e mes5/x86_64/lib64smbsharemodes0-3.3.12-0.11mdvmes5.2.x86_64.rpm
cad5fe7fc36b6a1b162b1678182d5dba mes5/x86_64/lib64smbsharemodes-devel-3.3.12-0.11mdvmes5.2.x86_64.rpm
db7c7d6d6f6171d94c99306aa84a1828 mes5/x86_64/lib64talloc1-3.3.12-0.11mdvmes5.2.x86_64.rpm
08360d58c1a9c653ebfb8cf53706a620 mes5/x86_64/lib64talloc-devel-3.3.12-0.11mdvmes5.2.x86_64.rpm
15f0c69ed8198ff18deef06e2ff940e5 mes5/x86_64/lib64tdb1-3.3.12-0.11mdvmes5.2.x86_64.rpm
77a224b2c614b7e049afdf32e93ab9c1 mes5/x86_64/lib64tdb-devel-3.3.12-0.11mdvmes5.2.x86_64.rpm
25e205ed9f03543ad3c2dd21213b2e37 mes5/x86_64/lib64wbclient0-3.3.12-0.11mdvmes5.2.x86_64.rpm
09879e87b061583c84a79a43a8d85667 mes5/x86_64/lib64wbclient-devel-3.3.12-0.11mdvmes5.2.x86_64.rpm
d3406c522d5b102857ad175cacb6fb67 mes5/x86_64/mount-cifs-3.3.12-0.11mdvmes5.2.x86_64.rpm
97a012362587a935db7a56db17821866 mes5/x86_64/nss_wins-3.3.12-0.11mdvmes5.2.x86_64.rpm
a3e03c2adcd914dc95f1b71e80755056 mes5/x86_64/samba-client-3.3.12-0.11mdvmes5.2.x86_64.rpm
826b735f11155e5a0844f1f61cfb5b90 mes5/x86_64/samba-common-3.3.12-0.11mdvmes5.2.x86_64.rpm
479cdc218b631aea27be2ce973fff469 mes5/x86_64/samba-doc-3.3.12-0.11mdvmes5.2.x86_64.rpm
1294d3d23b3a9dff87710d0866268022 mes5/x86_64/samba-server-3.3.12-0.11mdvmes5.2.x86_64.rpm
4b2facee8d95e35bb4b379064ed9028e mes5/x86_64/samba-swat-3.3.12-0.11mdvmes5.2.x86_64.rpm
4923ee42187ce395a15d35494904c99f mes5/x86_64/samba-winbind-3.3.12-0.11mdvmes5.2.x86_64.rpm
35d2ee499ef3df0bb9373d071d0693d4 mes5/SRPMS/samba-3.3.12-0.11mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
https://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFRG3AfmqjQ0CJFipgRAjXeAKCeNQY4c0FiPWj5o775On9qa9YJJgCg3E9g
aVdWPexeS13orNHBVppHHV8=
=r9Nx
-----END PGP SIGNATURE-----
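
The updated packages above keep upstream version numbers (3.5.10, 3.3.12) that still fall inside the affected ranges, so an inventory check has to compare the package release as well as the upstream version. The following is an added example, not part of the advisory: the function names, the version/release split of the package file names and the sample inventory are assumptions, and the comparison is a simplified rpmvercmp without `~` or `^` handling.

```python
import re

# Upstream fixed releases, taken from the advisory text.
FIXED_36, FIXED_3X, FIXED_4X = (3, 6, 12), (3, 5, 21), (4, 0, 2)
# Patched builds as (version, release), read from the package file names in the
# advisory; splitting the names this way is an assumption of this example.
DISTRO_FIXED = {"2011": ("3.5.10", "1.4"), "mes5": ("3.3.12", "0.11mdvmes5.2")}

def upstream_affected(version):
    """True if an upstream Samba version is in the ranges the advisory names."""
    v = tuple(int(n) for n in re.findall(r"\d+", version)[:3])
    if v[:1] == (3,):
        return v < (FIXED_36 if v[:2] == (3, 6) else FIXED_3X)
    if v[:1] == (4,):
        return v < FIXED_4X
    return False  # outside the branches covered by the advisory

def rpmvercmp(a, b):
    """Simplified RPM segment comparison: returns -1, 0 or 1."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment sorts newer
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def package_patched(product, version, release):
    """True if an installed samba-swat build is at or above the advisory's build."""
    fixed_version, fixed_release = DISTRO_FIXED[product]
    c = rpmvercmp(version, fixed_version)
    return c > 0 or (c == 0 and rpmvercmp(release, fixed_release) >= 0)

def assess(product, version, release):
    """Combine both views so a backported fix is not reported as vulnerable."""
    if package_patched(product, version, release):
        return "patched by vendor backport" if upstream_affected(version) else "patched"
    return "vulnerable"

# Constructed sample inventory: (product, VERSION, RELEASE) as `rpm -q` reports them.
SAMPLES = [("2011", "3.5.10", "1.3"), ("2011", "3.5.10", "1.4"),
           ("mes5", "3.3.12", "0.10mdvmes5.2"), ("mes5", "3.3.12", "0.11mdvmes5.2")]

if __name__ == "__main__":
    for product, version, release in SAMPLES:
        print(product, f"{version}-{release}", assess(product, version, release))
```
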