Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2013:011 | First vendor Publication | 2013-02-13 |
Vendor | Mandriva | Last vendor Modification | 2013-02-13 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 5.1 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | High |
Cvss Expoit Score | 4.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple vulnerabilities has been found and corrected in samba (swat): The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element (CVE-2013-0213). Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions (CVE-2013-0214). The updated packages have been patched to correct these issues. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2013:011 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-352 | Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25) |
50 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:18555 | |||
Oval ID: | oval:org.mitre.oval:def:18555 | ||
Title: | DSA-2617-1 samba - several issues | ||
Description: | Jann Horn had reported two vulnerabilities in Samba, a popular cross-platform network file and printer sharing suite. In particular, these vulnerabilities affect to SWAT, the Samba Web Administration Tool. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2617-1 CVE-2013-0213 CVE-2013-0214 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | samba |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2922-1.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-0723-1.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-0325-1.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_samba_20130521.nasl - Type : ACT_GATHER_INFO |
2014-11-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1542.nasl - Type : ACT_GATHER_INFO |
2014-11-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1310.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-107.nasl - Type : ACT_GATHER_INFO |
2014-03-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0305.nasl - Type : ACT_GATHER_INFO |
2014-03-18 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0305.nasl - Type : ACT_GATHER_INFO |
2014-03-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0305.nasl - Type : ACT_GATHER_INFO |
2014-03-18 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140317_samba_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-12-04 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131121_samba_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2013-11-27 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1542.nasl - Type : ACT_GATHER_INFO |
2013-11-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1542.nasl - Type : ACT_GATHER_INFO |
2013-10-11 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130930_samba3x_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-10-09 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1310.nasl - Type : ACT_GATHER_INFO |
2013-10-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1310.nasl - Type : ACT_GATHER_INFO |
2013-02-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_cifs-mount-130131.nasl - Type : ACT_GATHER_INFO |
2013-02-23 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cifs-mount-8449.nasl - Type : ACT_GATHER_INFO |
2013-02-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-011.nasl - Type : ACT_GATHER_INFO |
2013-02-13 | Name : The remote Fedora host is missing a security update. File : fedora_2013-1718.nasl - Type : ACT_GATHER_INFO |
2013-02-13 | Name : The remote Fedora host is missing a security update. File : fedora_2013-1716.nasl - Type : ACT_GATHER_INFO |
2013-02-13 | Name : The remote Fedora host is missing a security update. File : fedora_2013-1667.nasl - Type : ACT_GATHER_INFO |
2013-02-13 | Name : The remote Fedora host is missing a security update. File : fedora_2013-1654.nasl - Type : ACT_GATHER_INFO |
2013-02-04 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2617.nasl - Type : ACT_GATHER_INFO |
2013-02-04 | Name : The remote Samba server is affected by multiple vulnerabilities. File : samba_4_0_2.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:43:17 |
|
2013-02-13 17:19:03 |
|