-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:011
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : samba
 Date    : February 13, 2013
 Affected: 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been found and corrected in samba (swat):

 The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21,
 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to
 conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element
 (CVE-2013-0213).

 Cross-site request forgery (CSRF) vulnerability in the Samba Web
 Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before
 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the
 authentication of arbitrary users by leveraging knowledge of a password
 and composing requests that perform SWAT actions (CVE-2013-0214).

 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0213
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0214
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2011:
 Mandriva Linux 2011/X86_64:
 Mandriva Enterprise Server 5:
 Mandriva Enterprise Server 5/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.
 The verification of md5 checksums and GPG signatures is performed
 automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFRG3AfmqjQ0CJFipgRAjXeAKCeNQY4c0FiPWj5o775On9qa9YJJgCg3E9g
aVdWPexeS13orNHBVppHHV8=
=r9Nx
-----END PGP SIGNATURE-----
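
Added example, not part of the Mandriva advisory: a triage helper that applies the upstream thresholds from the Problem Description (3.5.21, 3.6.12, 4.0.2) but treats the patched Mandriva builds named in this advisory (samba 3.5.10-1.4 for 2011, 3.3.12-0.11mdvmes5.2 for Enterprise Server 5) as fixed, since their version numbers stay below the upstream thresholds. The function names, the status strings and the simplified numeric comparison (not rpm's own version ordering; pre-release suffixes are ignored) are assumptions of this example.

```python
import re

# Patched Mandriva builds named in the advisory: dist tag -> (version, release).
# The packages were patched in place, so a plain upstream comparison would
# wrongly flag them as vulnerable.
PATCHED_BUILDS = {
    "mdv2011.0": ((3, 5, 10), (1, 4)),
    "mdvmes5.2": ((3, 3, 12), (0, 11)),
}


def _nums(text):
    """Leading dotted number as a tuple, e.g. '0.11mdvmes5.2' -> (0, 11)."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(int(p) for p in m.group(0).split("."))


def upstream_affected(version):
    """True if an unpatched upstream Samba release is in the affected range."""
    v = (_nums(version) + (0, 0))[:3]
    if v[0] == 3:
        # 3.6.x has its own fix release; every other 3.x is fixed in 3.5.21.
        fixed = (3, 6, 12) if v[1] == 6 else (3, 5, 21)
        return v < fixed
    if v[0] == 4:
        return v < (4, 0, 2)
    return False  # branches the advisory does not cover


def mandriva_status(version, release, dist):
    """Classify an installed samba-swat build as 'patched' or 'vulnerable'."""
    if dist in PATCHED_BUILDS:
        fixed = PATCHED_BUILDS[dist]
        installed = (_nums(version), _nums(release))
        return "patched" if installed >= fixed else "vulnerable"
    # Unknown distribution: fall back to the upstream thresholds.
    return "vulnerable" if upstream_affected(version) else "patched"


if __name__ == "__main__":
    # Constructed inventory rows: (version, release, dist tag).
    rows = [("3.5.10", "1.3", "mdv2011.0"), ("3.5.10", "1.4", "mdv2011.0"),
            ("3.3.12", "0.11mdvmes5.2", "mdvmes5.2"), ("3.6.11", "1", "other")]
    for row in rows:
        print(row, mandriva_status(*row))
```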