Articles / Debian: Security update for...

Debian: Security update for Samba

Jann Horn had reported two vulnerabilities in Samba, a popular cross-platform network file and printer sharing suite. In particular, these vulnerabilities affect to SWAT, the Samba Web Administration Tool. An attacker can integrate a SWAT page into a malicious web page via a frame or iframe and then overlaid by other content. If an authenticated valid user interacts with this malicious web page, she might perform unintended changes in the Samba settings. An attacker can persuade a valid SWAT user, who is logged in, to click in a malicious link and trigger arbitrary unintended changes in the Samba settings.

Updated packages are available from security.debian.org.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2617-1                   security@debian.org
http://www.debian.org/security/                             Luciano Bello
February 02, 2013                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : samba
Vulnerability  : several issues
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-0213 CVE-2013-0214

Jann Horn had reported two vulnerabilities in Samba, a popular
cross-platform network file and printer sharing suite. In particular,
these vulnerabilities affect to SWAT, the Samba Web Administration Tool.

CVE-2013-0213: Clickjacking issue in SWAT
   An attacker can integrate a SWAT page into a malicious web page via a
   frame or iframe and then overlaid by other content. If an 
   authenticated valid user interacts with this malicious web page, she 
   might perform unintended changes in the Samba settings.

CVE-2013-0214: Potential Cross-site request forgery
   An attacker can persuade a valid SWAT user, who is logged in, to
   click in a malicious link and trigger arbitrary unintended changes in
   the Samba settings.

For the stable distribution (squeeze), these problems have been fixed in
version 3.5.6~dfsg-3squeeze9.

For the testing distribution (wheezy), these problems have been fixed in
version 2:3.6.6-5.

For the unstable distribution (sid), these problems have been fixed in
version 2:3.6.6-5.

We recommend that you upgrade your samba packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAlENAmoACgkQQWTRs4lLtHmRtgCgi55rZbXQyGnZSmrffjeH37zV
tOUAoKKwc6/g5g2U7Heo6SF3DkegVq11
=R2Mp
-----END PGP SIGNATURE-----
Screenshot

Project Spotlight

PHP DataGrid

A simple but powerful tool for generating data-bound grid control.

Screenshot

Project Spotlight

FastFlow

A multi-core programming framework.