Bug 8907

Summary: samba new security issues CVE-2013-0213 and CVE-2013-0214
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: major    
Priority: Normal CC: sysadmin-bugs, tmb
Version: 2Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/536068/
Whiteboard: mga2-32-ok mga2-64-ok
Source RPM: samba-3.6.5-1.mga2.src.rpm CVE:
Status comment:

Description David Walser 2013-01-30 22:18:55 CET 
Samba 3.6.12 has been released upstream, fixing two security issues with SWAT.

Updated package uploaded for Cauldron.

Patched package uploaded for Mageia 2.

Advisory:
========================

Updated samba packages fix security vulnerabilities:

Samba versions before 3.6.11 and 4.0.2 are vulnerable to clickjacking in the
Samba Web Administration Tool (SWAT). When the SWAT pages are integrated into
a malicious web page via a frame or iframe and then overlaid by other content,
an attacker could trick an administrator to potentially change Samba settings
(CVE-2013-0213).

Samba versions before 3.6.11 and 4.0.2 are vulnerable to a cross-site
request forgery in the Samba Web Administration Tool (SWAT). By guessing a
user's password and then tricking a user who is authenticated with SWAT into
clicking a manipulated URL on a different web page, it is possible to
manipulate SWAT (CVE-2013-0214).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0214
http://www.samba.org/samba/history/samba-3.6.12.html
========================

Updated packages in core/updates_testing:
========================
samba-server-3.6.5-2.1.mga2
samba-client-3.6.5-2.1.mga2
samba-common-3.6.5-2.1.mga2
samba-doc-3.6.5-2.1.mga2
samba-swat-3.6.5-2.1.mga2
samba-winbind-3.6.5-2.1.mga2
nss_wins-3.6.5-2.1.mga2
libsmbclient0-3.6.5-2.1.mga2
libsmbclient0-devel-3.6.5-2.1.mga2
libsmbclient0-static-devel-3.6.5-2.1.mga2
libnetapi0-3.6.5-2.1.mga2
libnetapi-devel-3.6.5-2.1.mga2
libsmbsharemodes0-3.6.5-2.1.mga2
libsmbsharemodes-devel-3.6.5-2.1.mga2
libwbclient0-3.6.5-2.1.mga2
libwbclient-devel-3.6.5-2.1.mga2
samba-virusfilter-clamav-3.6.5-2.1.mga2
samba-virusfilter-fsecure-3.6.5-2.1.mga2
samba-virusfilter-sophos-3.6.5-2.1.mga2
samba-domainjoin-gui-3.6.5-2.1.mga2

from samba-3.6.5-2.1.mga2.src.rpm
David Walser 2013-01-30 22:34:10 CET

Severity: normal => major

Comment 1 claire robinson 2013-01-31 19:43:34 CET 
No real PoC's, it should be sufficient to ensure samba can be configured using samba-swat and works ok.
Comment 2 claire robinson 2013-02-05 18:20:35 CET 
Testing complete mga2 32 & 64

Still finds the smb server in MCC (diskdrake?) but doesn't show the shares, making it a bit useless.

Mounting with the command below..

# mount -t cifs //host/share /mount/point -o username=<user>,password=<passwd>

To test swat it is necessary to enable it in /etc/xinetd.d/swat by changing disable to no, then restart xinetd service. Then use your browser to log in as your root user at http://localhost:901

Confirmed I was able to log in to swat, alter settings and view the server status on 32 & 64 bit and that i could mount a 64bit share on 32 bit and 32 bit share on 64 bit using mount -t cifs

Whiteboard: (none) => mga2-32-ok mga2-64-ok

Comment 3 claire robinson 2013-02-05 18:21:29 CET 
Validating

Advisory & srpm in comment 0

Could sysadmin please push from core/updates_testing to core/updates

Thanks!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 4 David Walser 2013-02-05 19:08:38 CET 
Debian has issued an advisory for this on February 2:
http://www.debian.org/security/2013/dsa-2617

URL: (none) => http://lwn.net/Vulnerabilities/536068/

Comment 5 David Walser 2013-02-05 21:00:38 CET 
Patch checked into Mageia 1 SVN.
Comment 6 Thomas Backlund 2013-02-06 23:22:30 CET 
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0035

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED