CVE-2013-0214

Name: CVE-2013-0214
Description: Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions.
Source: CVE (at NVD; LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-2617-1
NVD severity: medium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| samba (PTS) | wheezy | 2:3.6.6-6+deb7u7 | fixed |
| | wheezy (security) | 2:3.6.6-6+deb7u9 | fixed |
| | jessie | 2:4.1.17+dfsg-2+deb8u2 | fixed |
| | jessie (security) | 2:4.2.10+dfsg-0+deb8u2 | fixed |
| | stretch, sid | 2:4.4.3+dfsg-4 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| samba | source | (unstable) | 2:3.6.6-5 | medium | | |
| samba | source | squeeze | 2:3.5.6~dfsg-3squeeze9 | medium | DSA-2617-1 | |
