Message-Id: <E1U5cvN-0007rF-FM@titan.mandriva.com>
Date: Wed, 13 Feb 2013 15:03:01 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2013:011 ] samba

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:011
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : samba
 Date    : February 13, 2013
 Affected: 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been found and corrected in samba (swat):
 
 The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21,
 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to
 conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element
 (CVE-2013-0213).
 
 Cross-site request forgery (CSRF) vulnerability in the Samba Web
 Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before
 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the
 authentication of arbitrary users by leveraging knowledge of a password
 and composing requests that perform SWAT actions (CVE-2013-0214).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0213
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0214
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFRG3AfmqjQ0CJFipgRAjXeAKCeNQY4c0FiPWj5o775On9qa9YJJgCg3E9g
aVdWPexeS13orNHBVppHHV8=
=r9Nx
-----END PGP SIGNATURE-----
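
An added example, not part of the advisory and not Mandriva or Samba code: a check of an upstream Samba version string against the affected ranges quoted above, plus a check of whether a SWAT HTTP response restricts framing, which still works where a distribution package carries the fix under an older version number. The function names and sample responses are constructed for illustration, and the header test reflects the general anti-framing defences (X-Frame-Options, CSP frame-ancestors), since the advisory does not say how the patch addresses CVE-2013-0213.

```python
import re

def upstream_affected(version):
    """True if an upstream Samba version is in the advisory's affected ranges:
    3.x before 3.5.21, 3.6.x before 3.6.12, 4.x before 4.0.2.
    Distribution packages may be patched under an older version number,
    so treat a True result as "verify", not as proof of exposure."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError("unrecognised version: %r" % version)
    v = tuple(int(x) for x in m.groups())
    if v[0] == 4:
        return v < (4, 0, 2)
    if v[0] == 3:
        return v < ((3, 6, 12) if v[1] == 6 else (3, 5, 21))
    return False

def framing_restricted(raw_response):
    """True if the response headers forbid or restrict framing of the page."""
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    xfo = [v.upper() for v in headers.get("x-frame-options", [])]
    if any(v in ("DENY", "SAMEORIGIN") for v in xfo):
        return True
    for policy in headers.get("content-security-policy", []):
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                # a wildcard source leaves framing open to any origin
                return "*" not in parts[1:]
    return False

# Constructed sample responses (not captured from a real host).
SAMPLE_OPEN = b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"
SAMPLE_DENY = b"HTTP/1.0 200 OK\r\nX-Frame-Options: DENY\r\n\r\n<html></html>"

if __name__ == "__main__":
    for v in ("3.5.10", "3.6.12", "4.0.1"):
        print(v, "affected" if upstream_affected(v) else "fixed upstream")
    print("open response restricted:", framing_restricted(SAMPLE_OPEN))
    print("deny response restricted:", framing_restricted(SAMPLE_DENY))
```
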
