#VU32700 Input validation error in Samba - CVE-2013-0213
Published: February 2, 2013 / Updated: July 28, 2020
Vulnerability identifier: #VU32700
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2013-0213
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Samba
Samba
Software vendor:
Samba
Samba
Description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element. Per: http://capec.mitre.org/data/definitions/103.html "CAPEC-103: Clickjacking"
Remediation
Install update from vendor's website.
External links
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00019.html
- http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00042.html
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00029.html
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00033.html
- http://rhn.redhat.com/errata/RHSA-2013-1310.html
- http://rhn.redhat.com/errata/RHSA-2013-1542.html
- http://rhn.redhat.com/errata/RHSA-2014-0305.html
- http://www.debian.org/security/2013/dsa-2617
- http://www.samba.org/samba/security/CVE-2013-0213
- http://www.securityfocus.com/bid/57631
- http://www.ubuntu.com/usn/USN-2922-1
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993