PT-2010-5673 · Samba+4

Author: Jann Horn
Published: 1970-01-01
Updated: 2024-06-15
CVE: CVE-2013-0214
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Samba versions 3.x through 3.5.20
Samba versions 3.6.x through 3.6.11
Samba versions 4.x through 4.0.1

Description

A cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions. Multiple vulnerabilities in Samba packages may lead to disruption of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations

For Samba versions 3.x through 3.5.20, update to version 3.5.21 or later.
For Samba versions 3.6.x through 3.6.11, update to version 3.6.12 or later.
For Samba versions 4.x through 4.0.1, update to version 4.0.2 or later.

As a temporary workaround, consider disabling the SWAT service until a patch is available. Restrict access to the Samba Web Administration Tool to minimize the risk of exploitation.

Tags: Fix, CSRF, RCE


Related Identifiers

BDU:2015-04392
BDU:2015-04393
BDU:2015-06051
BDU:2015-06052
BDU:2015-06324
BDU:2015-06326
BDU:2015-06507
BDU:2015-06512
BDU:2015-06517
BDU:2015-06525
BDU:2015-08944
BDU:2015-08945
BDU:2015-08946
BDU:2015-08947
BDU:2015-08948
CESA-2013_1542
CVE-2013-0214
DSA-2617-1
ECHO-7E3A-FB5C-8ACE
OPENSUSE-SU-2024:10069-1
RHSA-2013:1310
RHSA-2013:1542
RHSA-2013_1310
RHSA-2013_1542
RHSA-2014:0305
RHSA-2014_0305
SUSE-SU-2015:0386-1
USN-2922-1

Affected Products

CentOS
Red Hat
Samba
SUSE
Ubuntu