Samba 4.0.2

News of 01 February 13. Author: Gianplugged
Release notes:

This is a security release in order to address CVE-2013-0213 (Clickjacking issue in SWAT) and CVE-2013-0214 (Potential XSRF in SWAT).

o  CVE-2013-0213:
   All current released versions of Samba are vulnerable to clickjacking in the Samba Web Administration Tool (SWAT). When the SWAT pages are integrated into a malicious web page via a frame or iframe and then overlaid by other content, an attacker could trick an administrator to potentially change Samba settings.

   In order to be vulnerable, SWAT must have been installed and enabled either as a standalone server launched from inetd or xinetd, or as a CGI plugin to Apache. If SWAT has not been installed or enabled (which is the default install state for Samba) this advisory can be ignored.

o  CVE-2013-0214:
   All current released versions of Samba are vulnerable to a cross-site request forgery in the Samba Web Administration Tool (SWAT). By guessing a user's password and then tricking a user who is authenticated with SWAT into clicking a manipulated URL on a different web page, it is possible to manipulate SWAT.

   In order to be vulnerable, the attacker needs to know the victim's password. Additionally SWAT must have been installed and enabled either as a standalone server launched from inetd or xinetd, or as a CGI plugin to Apache. If SWAT has not been installed or enabled (which is the default install state for Samba) this advisory can be ignored.

Changes since 4.0.1:
====================

o   Kai Blin <kai@samba.org>
    * BUG 9576: CVE-2013-0213: Fix clickjacking issue in SWAT.
    * BUG 9577: CVE-2013-0214: Fix potential XSRF in SWAT.
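
Both advisories apply only when SWAT is actually enabled. The following added example (not part of the Samba release notes or of this news item) checks the two standalone launch paths the notes name, inetd and xinetd, from configuration text. The sample files are constructed, the function names are hypothetical, `/usr/sbin/swat` and port 901 are assumed typical values, and an xinetd block without a `disable` attribute is assumed to be enabled. The Apache CGI case is not covered.

```python
import re

# Constructed sample configurations (not taken from any real host).
SAMPLE_INETD = """\
# /etc/inetd.conf (constructed sample)
#swat   stream  tcp  nowait.400  root  /usr/sbin/swat  swat
ftp     stream  tcp  nowait      root  /usr/sbin/in.ftpd  in.ftpd
"""

SAMPLE_XINETD = """\
# /etc/xinetd.d/swat (constructed sample)
service swat
{
    port        = 901
    socket_type = stream
    user        = root
    server      = /usr/sbin/swat
    disable     = no
}
"""

def inetd_swat_enabled(text):
    """True if an uncommented inetd.conf entry launches a swat binary."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        # inetd.conf fields: service socket proto wait user server-path args...
        if len(fields) >= 6 and (fields[0] == "swat" or fields[5].endswith("/swat")):
            return True
    return False

def xinetd_swat_enabled(text):
    """True if an xinetd service block that runs swat is not disabled."""
    stripped = "\n".join(l.split("#", 1)[0] for l in text.splitlines())
    for name, body in re.findall(r"service\s+(\S+)\s*\{(.*?)\}", stripped, re.S):
        attrs = dict(
            (k.strip(), v.strip())
            for k, v in (l.split("=", 1) for l in body.splitlines() if "=" in l)
        )
        runs_swat = name == "swat" or attrs.get("server", "").endswith("/swat")
        # Assumption: a missing "disable" attribute means the service is on.
        if runs_swat and attrs.get("disable", "no").lower() != "yes":
            return True
    return False

if __name__ == "__main__":
    print("inetd launches SWAT :", inetd_swat_enabled(SAMPLE_INETD))
    print("xinetd launches SWAT:", xinetd_swat_enabled(SAMPLE_XINETD))
```

On a real host, pass the contents of `/etc/inetd.conf` and of each file under `/etc/xinetd.d/` to these functions; a `True` result means the host is in scope for the two CVEs until Samba is updated or SWAT is disabled.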
Category: Linux

License: Open source

OS: Linux
