CVE-2013-0214
Published: 2 February 2013
Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions.
Notes
Author | Note |
---|---|
mdeslaur | swat is in universe |
Priority
Status
Package | Release | Status |
---|---|---|
samba (Launchpad, Ubuntu, Debian) | hardy | Ignored (end of life) |
samba | lucid | Ignored (end of life) |
samba | oneiric | Ignored (end of life) |
samba | precise | Released (2:3.6.3-2ubuntu2.17) |
samba | quantal | Ignored (end of life) |
samba | raring | Not vulnerable (2:3.6.9-1ubuntu1) |
samba | saucy | Not vulnerable (2:3.6.15-1ubuntu1) |
samba | trusty | Not vulnerable (2:3.6.15-1ubuntu1) |
samba | upstream | Released (2:3.6.6-5) |
samba | utopic | Not vulnerable (2:3.6.15-1ubuntu1) |
samba | vivid | Not vulnerable (2:3.6.15-1ubuntu1) |
samba | wily | Not vulnerable (2:3.6.15-1ubuntu1) |
samba | xenial | Not vulnerable (2:3.6.15-1ubuntu1) |
samba | yakkety | Not vulnerable (2:3.6.15-1ubuntu1) |
samba | zesty | Not vulnerable (2:3.6.15-1ubuntu1) |

Patches: vendor: http://www.debian.org/security/2013/dsa-2617
Binaries built from this source package are in Universe and so are supported by the community.

Package | Release | Status |
---|---|---|
samba4 (Launchpad, Ubuntu, Debian) | hardy | Does not exist |
samba4 | lucid | Ignored (end of life) |
samba4 | oneiric | Ignored (end of life) |
samba4 | precise | Ignored (end of life) |
samba4 | quantal | Ignored (end of life) |
samba4 | raring | Ignored (end of life) |
samba4 | saucy | Not vulnerable (4.0.3+dfsg1-0.1ubuntu1) |
samba4 | trusty | Does not exist |
samba4 | upstream | Needs triage |
samba4 | utopic | Does not exist |
samba4 | vivid | Does not exist |
samba4 | wily | Does not exist |
samba4 | xenial | Does not exist |
samba4 | yakkety | Does not exist |
samba4 | zesty | Does not exist |