Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.MANDRIVA_MDVSA-2013-011.NASL
HistoryFeb 14, 2013 - 12:00 a.m.

Mandriva Linux Security Advisory : samba (MDVSA-2013:011)

2013-02-1400:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
JSON

Multiple vulnerabilities has been found and corrected in samba (swat) :

The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element (CVE-2013-0213).

Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions (CVE-2013-0214).

The updated packages have been patched to correct these issues.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2013:011. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(64626);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2013-0213", "CVE-2013-0214");
  script_bugtraq_id(57631);
  script_xref(name:"MDVSA", value:"2013:011");

  script_name(english:"Mandriva Linux Security Advisory : samba (MDVSA-2013:011)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple vulnerabilities has been found and corrected in samba 
(swat) :

The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21,
3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to
conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element
(CVE-2013-0213).

Cross-site request forgery (CSRF) vulnerability in the Samba Web
Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before
3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the
authentication of arbitrary users by leveraging knowledge of a
password and composing requests that perform SWAT actions
(CVE-2013-0214).

The updated packages have been patched to correct these issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64netapi-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64netapi0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64smbclient0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64smbclient0-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64smbclient0-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64smbsharemodes-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64smbsharemodes0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wbclient-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wbclient0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnetapi-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnetapi0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsmbclient0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsmbclient0-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsmbclient0-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsmbsharemodes-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsmbsharemodes0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwbclient-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwbclient0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mount-cifs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nss_wins");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-domainjoin-gui");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-swat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-winbind");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/02/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64netapi-devel-3.5.10-1.4-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64netapi0-3.5.10-1.4-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64smbclient0-3.5.10-1.4-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64smbclient0-devel-3.5.10-1.4-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64smbclient0-static-devel-3.5.10-1.4-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64smbsharemodes-devel-3.5.10-1.4-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64smbsharemodes0-3.5.10-1.4-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64wbclient-devel-3.5.10-1.4-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64wbclient0-3.5.10-1.4-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libnetapi-devel-3.5.10-1.4-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libnetapi0-3.5.10-1.4-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libsmbclient0-3.5.10-1.4-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libsmbclient0-devel-3.5.10-1.4-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libsmbclient0-static-devel-3.5.10-1.4-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libsmbsharemodes-devel-3.5.10-1.4-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libsmbsharemodes0-3.5.10-1.4-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libwbclient-devel-3.5.10-1.4-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libwbclient0-3.5.10-1.4-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"mount-cifs-3.5.10-1.4-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"nss_wins-3.5.10-1.4-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"samba-client-3.5.10-1.4-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"samba-common-3.5.10-1.4-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"samba-doc-3.5.10-1.4-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"samba-domainjoin-gui-3.5.10-1.4-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"samba-server-3.5.10-1.4-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"samba-swat-3.5.10-1.4-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"samba-winbind-3.5.10-1.4-mdv2011.0", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxlib64netapi-develp-cpe:/a:mandriva:linux:lib64netapi-devel
mandrivalinuxlib64netapi0p-cpe:/a:mandriva:linux:lib64netapi0
mandrivalinuxlib64smbclient0p-cpe:/a:mandriva:linux:lib64smbclient0
mandrivalinuxlib64smbclient0-develp-cpe:/a:mandriva:linux:lib64smbclient0-devel
mandrivalinuxlib64smbclient0-static-develp-cpe:/a:mandriva:linux:lib64smbclient0-static-devel
mandrivalinuxlib64smbsharemodes-develp-cpe:/a:mandriva:linux:lib64smbsharemodes-devel
mandrivalinuxlib64smbsharemodes0p-cpe:/a:mandriva:linux:lib64smbsharemodes0
mandrivalinuxlib64wbclient-develp-cpe:/a:mandriva:linux:lib64wbclient-devel
mandrivalinuxlib64wbclient0p-cpe:/a:mandriva:linux:lib64wbclient0
mandrivalinuxlibnetapi-develp-cpe:/a:mandriva:linux:libnetapi-devel
Rows per page:
1-10 of 281

Related

nessus 26
osv 1
openvas 30
suse 3
fedora 6
debian 1
veracode 2
redhat 3
centos 3
oraclelinux 3
ubuntu 1
cve 2
prion 2
ubuntucve 2
debiancve 2
samba 2
securityvulns 1
ics 1
nessus
nessus
Fedora 16 : samba-3.6.12-1.fc16 (2013-1716)
2013-02-13 00:00:00
Fedora 17 : samba-3.6.12-1.fc17.1 (2013-1718)
2013-02-13 00:00:00
SuSE 11.2 Security Update : Samba (SAT Patch Number 7292)
2013-02-24 00:00:00
osv
osv
samba - several issues
2013-02-02 00:00:00
openvas
openvas
Fedora Update for samba FEDORA-2013-1718
2013-02-15 00:00:00
Fedora Update for samba FEDORA-2013-1718
2013-02-15 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:0326-1)
2021-06-09 00:00:00
suse
suse
Security update for Samba (important)
2013-03-22 15:04:30
Security update for Samba (important)
2013-02-22 17:04:27
Security update for Samba (important)
2013-02-22 16:04:20
fedora
fedora
[SECURITY] Fedora 17 Update: samba-3.6.12-1.fc17.1
2013-02-12 05:30:46
[SECURITY] Fedora 17 Update: samba4-4.0.0-60alpha18.fc17
2013-02-12 05:11:58
[SECURITY] Fedora 18 Update: samba-4.0.2-1.fc18
2013-02-12 05:06:25
debian
debian
[SECURITY] [DSA 2617-1] samba security update
2013-02-02 12:26:25
veracode
veracode
Cross-site Request Forgery (CSRF)
2019-05-02 04:58:49
Click Jacking
2019-01-15 09:01:47
redhat
redhat
(RHSA-2014:0305) Moderate: samba security update
2014-03-17 00:00:00
(RHSA-2013:1310) Moderate: samba3x security and bug fix update
2013-09-30 16:52:28
(RHSA-2013:1542) Moderate: samba security, bug fix, and enhancement update
2013-11-21 00:00:00
centos
centos
samba3x security update
2013-10-07 12:45:09
libsmbclient, samba security update
2013-11-26 13:32:51
libsmbclient, samba security update
2014-03-17 19:05:31
oraclelinux
oraclelinux
samba3x security and bug fix update
2013-10-06 00:00:00
samba security, bug fix, and enhancement update
2013-11-25 00:00:00
samba security update
2014-03-17 00:00:00
ubuntu
ubuntu
Samba vulnerabilities
2016-03-08 00:00:00
cve
cve
CVE-2013-0214
2013-02-02 20:55:00
CVE-2013-0213
2013-02-02 20:55:00
prion
prion
Cross site request forgery (csrf)
2013-02-02 20:55:00
Code injection
2013-02-02 20:55:00
ubuntucve
ubuntucve
CVE-2013-0214
2013-02-02 00:00:00
CVE-2013-0213
2013-02-02 00:00:00
debiancve
debiancve
CVE-2013-0214
2013-02-02 20:55:00
CVE-2013-0213
2013-02-02 20:55:00
samba
samba
Cross-Site Request Forgery in SWAT
2013-01-30 00:00:00
Clickjacking in SWAT
2013-01-30 00:00:00
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-02-11 00:00:00
ics
ics
Omron NS Series HMI Vulnerabilities
2019-01-31 12:00:00
JSON
Related for MANDRIVA_MDVSA-2013-011.NASL
nessus26osv1openvas30suse3fedora6debian1veracode2redhat3centos3oraclelinux3ubuntu1cve2prion2ubuntucve2debiancve2samba2securityvulns1ics1