
Samba 3.x < 3.5.21 / 3.6.12 and 4.x < 4.0.2 SWAT Multiple Vulnerabilities (deprecated)

Medium

Synopsis

The remote Samba server is affected by multiple vulnerabilities.

Description

According to its banner, the version of Samba 3.x or 4.x running on the remote host is earlier than 3.5.21 / 3.6.12 or 4.0.2. It is, therefore, affected by the following vulnerabilities:

- An error exists in the SWAT interface that could allow 'clickjacking' attacks. (CVE-2013-0213, Issue #9576)

- An error exists in the SWAT interface that could allow cross-site request forgery (XSRF) attacks. (CVE-2013-0214, Issue #9577)

Note that these issues are only exploitable when SWAT is enabled, and SWAT is not enabled by default.

Solution

Either install the appropriate patch referenced in the project's advisory or upgrade to 3.5.21 / 3.6.12 / 4.0.2 or later.
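The version ranges above can be applied to an inventory of collected banners for triage. The following is an added example, not code from the original advisory or from the Samba project; the banner strings and host names are constructed, and the function names are hypothetical.

```python
import re

# Matches the dotted version that follows the word "Samba" in a banner.
SAMBA_VERSION = re.compile(r"Samba\s+(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)


def parse_version(banner):
    """Return (major, minor, patch) from a Samba banner, or None."""
    m = SAMBA_VERSION.search(banner)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(banner):
    """Apply the advisory's ranges: 3.x < 3.5.21 / 3.6.12 and 4.x < 4.0.2."""
    v = parse_version(banner)
    if v is None or v[0] not in (3, 4):
        return "unknown"
    if v[0] == 3:
        # Everything below 3.5.21, plus the 3.6 branch below 3.6.12.
        affected = v < (3, 5, 21) or (3, 6, 0) <= v < (3, 6, 12)
    else:
        affected = v < (4, 0, 2)
    return "affected" if affected else "not flagged"


def triage(inventory):
    """Map host -> classification for a dict of host -> banner."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (hosts and banners are illustrative only).
SAMPLE = {
    "fs01": "Samba 3.5.20",
    "fs02": "Samba 3.6.12",
    "fs03": "Samba 4.0.1",
    "fs04": "Samba 3.6.3-2ubuntu2",
    "dc01": "Windows 6.1",
}

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE).items()):
        print(f"{host}: {verdict}")
```

Because the check reads only the banner, a host that received the patch without a version change may still be reported as affected, and an affected version matters only where SWAT is enabled.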