Scientific Linux Security Update : samba on SL5.x i386/x86_64

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.

Synopsis :

The remote Scientific Linux host is missing one or more security

Description :

It was discovered that the Samba Web Administration Tool (SWAT) did
not protect against being opened in a web page frame. A remote
attacker could possibly use this flaw to conduct a clickjacking attack
against SWAT users or users with an active SWAT session.

A flaw was found in the Cross-Site Request Forgery (CSRF) protection
mechanism implemented in SWAT. An attacker with the knowledge of a
victim's password could use this flaw to bypass CSRF protections and
conduct a CSRF attack against the victim SWAT user. (CVE-2013-0214)

An integer overflow flaw was found in the way Samba handled an
Extended Attribute (EA) list provided by a client. A malicious client
could send a specially crafted EA list that triggered an overflow,
causing the server to loop and reprocess the list using an excessive
amount of memory. (CVE-2013-4124)

Note: This issue did not affect the default configuration of the Samba

After installing this update, the smb service will be restarted

See also :

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.1

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 73074 ()

Bugtraq ID:

CVE ID: CVE-2013-0213