Samba 3.x < 3.5.21 / 3.6.12 and 4.x < 4.0.2 SWAT Multiple Vulnerabilities (deprecated)

Medium Nessus Network Monitor Plugin ID 6686


The remote Samba server is affected by multiple vulnerabilities


According to its banner, the version of Samba 3.x or 4.x running on the remote host is earlier than 3.5.21 / 3.6.12 or 4.0.2. It is, therefore, affected by the following vulnerabilities :

- An error exists in the SWAT interface that could allow 'clickjacking' attacks. (CVE-2013-0213, Issue #9576)

- An error exists in the SWAT interface that could allow cross-site request forgery (XSRF) attacks. (CVE-2013-0214, Issue #9577)

Note that these issues are only exploitable when SWAT is enabled and it is not enabled by default.


Either install the appropriate patch referenced in the project's advisory or upgrade to 3.5.21 / 3.6.12 / 4.0.2 or later

See Also

Plugin Details

Severity: Medium

ID: 6686

Family: Samba

Published: 2012/02/07

Updated: 2019/03/06

Dependencies: 8740, 8741

Nessus ID: 64459

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3.0

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:samba:samba

Patch Publication Date: 2012/01/30

Vulnerability Publication Date: 2013/01/30

Reference Information

CVE: CVE-2013-0213, CVE-2013-0214

BID: 57631