PT-2010-5672 · Samba+4 · Samba+4

Jann Horn · Published 1970-01-01 · Updated 2024-06-15 · CVE-2013-0213

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Samba versions 3.0.33
Samba versions prior to 3.5.21
Samba versions prior to 3.6.12
Samba versions prior to 4.0.2

Description

The issue concerns multiple vulnerabilities in the Samba software, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, the Samba Web Administration Tool (SWAT) is affected, allowing remote attackers to conduct clickjacking attacks via a FRAME or IFRAME element.

Recommendations

For Samba versions 3.0.33, consider disabling the SWAT tool until a patch is available.
For Samba versions prior to 3.5.21, update to version 3.5.21 or later.
For Samba versions prior to 3.6.12, update to version 3.6.12 or later.
For Samba versions prior to 4.0.2, update to version 4.0.2 or later.
As a temporary workaround, restrict access to the vulnerable components to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2015-04392
BDU:2015-04393
BDU:2015-06051
BDU:2015-06052
BDU:2015-06324
BDU:2015-06326
BDU:2015-06507
BDU:2015-06512
BDU:2015-06517
BDU:2015-06525
BDU:2015-08944
BDU:2015-08945
BDU:2015-08946
BDU:2015-08947
BDU:2015-08948
CESA-2013_1542
CVE-2013-0213
DSA-2617-1
ECHO-0067-F8B0-4255
OPENSUSE-SU-2024:10069-1
RHSA-2013:1310
RHSA-2013:1542
RHSA-2013_1310
RHSA-2013_1542
RHSA-2014:0305
RHSA-2014_0305
SUSE-SU-2013_0325-1
SUSE-SU-2013_0326-1
SUSE-SU-2013_0519-1
SUSE-SU-2015:0386-1
USN-2922-1

Affected Products

CentOS
Red Hat
Samba
SUSE
Ubuntu