VID | 23232 |
Severity | 30 |
Port | 139 |
Protocol | TCP |
Class | Samba |
Detailed Description |
According to its banner, the version of Samba running on the remote host is 4.x earlier than 4.0.2 and is therefore potentially affected by the following vulnerabilities:
- An error exists in the SWAT interface that could allow 'clickjacking' attacks. (CVE-2013-0213, Issue #9576)
- An error exists in the SWAT interface that could allow cross-site request forgery (XSRF) attacks. (CVE-2013-0214, Issue #9577)
* Note: If this check relied solely on the version number of the remote Samba server to assess this vulnerability, then this might be a false positive.
* References:
  http://www.samba.org/samba/security/CVE-2013-0213
  http://www.samba.org/samba/security/CVE-2013-0214
  http://www.samba.org/samba/history/samba-4.0.2.html
* Platforms Affected: Samba Project, Samba versions 4.x before 4.0.2; Linux, any version; Unix, any version |
Recommendation |
Upgrade to the latest version of Samba (4.0.2 or later), available from the Samba Web site at http://us1.samba.org/samba/ |
Related URL | CVE-2013-0213, CVE-2013-0214 (CVE) |