CVE-2013-0213
Published 2013-02-02
Priority P2 · 79 · medium · CVSS 2.0 base score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Flags: ITW (exploited in the wild) · VulnCheck KEV · Ransomware
EPSS: 3.25% (86.8th percentile)
The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element.
Affected
146 ranges (showing 25; the samba/samba entries carry no version data)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | samba | < samba 2:3.6.6-5 (bookworm) | samba 2:3.6.6-5 (bookworm) |
| samba | samba | — | — |
Detection & IOCs (extracted from sources)
- The clickjacking vector requires the SWAT page to be embeddable via FRAME or IFRAME elements; the absence of an X-Frame-Options header on SWAT responses indicates a vulnerable or unpatched instance.
- The attack embeds the SWAT web interface in an attacker-controlled page using a FRAME or IFRAME element to trick an authenticated user into changing Samba settings; monitor for cross-origin framing of SWAT (typically TCP port 901).
- Vulnerable Samba versions are 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2; use version detection to identify unpatched SWAT instances.
- The fix was applied in upstream releases 4.0.2, 3.6.12, and 3.5.21; instances running older SWAT builds remain exploitable for clickjacking.
- Samba upstream planned to remove SWAT entirely in Samba 4.1, so deployments still running SWAT on any version should be treated as high-risk.
- This issue co-occurs with CVE-2013-0214 (CSRF in SWAT); both vulnerabilities affect the same component and should be remediated together.
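A minimal checker for the two indicators listed above, written as an added example for this page (it is not Samba project code and not a tool referenced by any source here). It parses a raw HTTP response for the X-Frame-Options header that the upstream fix introduced, and applies the advisory's version ranges to a version string. The two sample responses are constructed, not captured from a real host, and `probe_swat` is a hypothetical helper name for live use.

```python
"""Offline/online checks for CVE-2013-0213 (SWAT clickjacking).

Added example for this page; not Samba code.  Sample responses are constructed.
"""
import re
import socket

# Upstream fixed releases named in the advisory.
FIXED_RELEASES = ("3.5.21", "3.6.12", "4.0.2")

# Constructed sample responses.  SWAT answers an unauthenticated request with a
# Basic-auth challenge; only the X-Frame-Options line differs between the two.
UNPATCHED_RESPONSE = (
    "HTTP/1.0 401 Authorization Required\r\n"
    'WWW-Authenticate: Basic realm="SWAT"\r\n'
    "Content-Type: text/html\r\n"
    "\r\n"
    "<HTML><BODY>Authorization required</BODY></HTML>"
)
PATCHED_RESPONSE = (
    "HTTP/1.0 401 Authorization Required\r\n"
    'WWW-Authenticate: Basic realm="SWAT"\r\n'
    "X-Frame-Options: DENY\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<HTML><BODY>Authorization required</BODY></HTML>"
)


def parse_headers(raw: str) -> dict:
    """Return the response headers as a lower-cased name -> value dict."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def framing_protected(raw: str) -> bool:
    """True when the response forbids framing by an attacker-controlled origin.

    The upstream fix sends 'X-Frame-Options: DENY'.  SAMEORIGIN is accepted too,
    since it blocks a foreign origin just as well.  A missing header or the
    weak ALLOW-FROM form is reported as unprotected.
    """
    xfo = parse_headers(raw).get("x-frame-options", "").upper()
    return xfo in ("DENY", "SAMEORIGIN")


def version_vulnerable(version: str) -> bool:
    """Apply the advisory ranges to an 'x.y.z' string (e.g. 'Samba 3.6.9').

    3.x before 3.5.21, 3.6.x before 3.6.12 and 4.x before 4.0.2 are vulnerable.
    SWAT was removed upstream in 4.1, so 4.1 and later report as not vulnerable.
    """
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"no x.y.z version in {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    if major == 4:
        return (minor, patch) < (0, 2)
    if major == 3:
        if minor == 6:
            return patch < 12
        return (minor, patch) < (5, 21)          # covers 3.0 .. 3.5.20
    return False


def probe_swat(host: str, port: int = 901, timeout: float = 5.0) -> bool:
    """Fetch SWAT's front page over plain HTTP and return framing_protected().

    Hypothetical live helper; the offline samples above do not use it.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return framing_protected(b"".join(chunks).decode("latin-1"))


if __name__ == "__main__":
    print("unpatched sample protected:", framing_protected(UNPATCHED_RESPONSE))
    print("patched sample protected:  ", framing_protected(PATCHED_RESPONSE))
    for v in ("Samba 3.6.9", "Samba 3.6.12", "Samba 4.0.1", "Samba 4.0.2"):
        print(v, "vulnerable" if version_vulnerable(v) else "ok")
```

The upstream change adds the header to the pages SWAT renders; if the unauthenticated 401 challenge on a given build does not carry it, repeat the check against an authenticated SWAT page before concluding the instance is unpatched. Version detection alone is weaker than the header check, because distributions backported the fix without bumping the upstream version (Debian's 2:3.6.6-5, for example).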
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
| osv | — | 5.1 | MEDIUM | — |
| vulncheck | — | 5.1 | MEDIUM | — |
| vendor_debian | — | 5.1 | MEDIUM | — |
| vendor_redhat | — | 5.1 | MEDIUM | — |
| vendor_ubuntu | — | 5.1 | MEDIUM | — |
GHSA
GHSA-7gm8-72hw-wp8h: The Samba Web Administration Tool (SWAT) in Samba 3
ghsa_unreviewed · 2022-05-05 · CVE-2013-0213 [MEDIUM] · CWE-20
The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element.
OSV
samba vulnerabilities
osv · 2016-03-08 · CVSS 5.1 · CVE-2015-7560 [MEDIUM]
Jeremy Allison discovered that Samba incorrectly handled ACLs on symlink
paths. A remote attacker could use this issue to overwrite the ownership of
ACLs using symlinks. (CVE-2015-7560)
Garming Sam and Douglas Bagnall discovered that the Samba internal DNS
server incorrectly handled certain DNS TXT records. A remote attacker could
use this issue to cause Samba to crash, resulting in a denial of service,
or possibly obtain uninitialized memory contents. This issue only applied
to Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0771)
It was discovered that the Samba Web Administration Tool (SWAT) was
vulnerable to clickjacking and cross-site request forgery attacks. This
issue only affected Ubuntu 12.04 LTS. (CVE-2013-0213, CVE-2013-0214)
OSV
CVE-2013-0213: The Samba Web Administration Tool (SWAT) in Samba 3
osv · 2013-02-02 · CVSS 5.1 · CVE-2013-0213 [MEDIUM]
The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element.
VulnCheck
Samba Samba Improper Input Validation
vulncheck · 2013 · CVSS 5.1 · CVE-2013-0213 [MEDIUM]
The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element.
Affected: Samba Samba
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Known Ransomware Campaign Use: Known
Exploitation References: https://go.recordedfuture.com/hubfs/reports/cta-2024-0208.pdf
Ubuntu
Samba vulnerabilities
vendor_ubuntu · 2016-03-08 · CVSS 5.1 · CVE-2013-0213 [MEDIUM]
Summary: Several security issues were fixed in Samba.
Jeremy Allison discovered that Samba incorrectly handled ACLs on symlink
paths. A remote attacker could use this issue to overwrite the ownership of
ACLs using symlinks. (CVE-2015-7560)
Garming Sam and Douglas Bagnall discovered that the Samba internal DNS
server incorrectly handled certain DNS TXT records. A remote attacker could
use this issue to cause Samba to crash, resulting in a denial of service,
or possibly obtain uninitialized memory contents. This issue only applied
to Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0771)
It was discovered that the Samba Web Administration Tool (SWAT) was
vulnerable to clickjacking and cross-site request forgery attacks. This
issue only affected Ubuntu 12.04 LTS.
Red Hat
samba: clickjacking vulnerability in SWAT
vendor_redhat · 2013-01-30 · CVSS 5.1 · CVE-2013-0213 [MEDIUM]
The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element.
Debian
CVE-2013-0213: samba - The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x befor...
vendor_debian · 2013 · CVSS 5.1 · CVE-2013-0213 [MEDIUM]
The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element.
Scope: local
bookworm: resolved (fixed in 2:3.6.6-5)
bullseye: resolved (fixed in 2:3.6.6-5)
forky: resolved (fixed in 2:3.6.6-5)
sid: resolved (fixed in 2:3.6.6-5)
trixie: resolved (fixed in 2:3.6.6-5)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-0213 CVE-2013-0214 samba various flaws [fedora-all]
bugzilla · 2013-01-30 · CVSS 5.1 · CVE-2013-0213 [MEDIUM]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects multiple sup
Bugzilla
CVE-2013-0213 CVE-2013-0214 samba4 various flaws [fedora-17]
bugzilla · 2013-01-30 · CVSS 5.1 · CVE-2013-0213 [MEDIUM]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
fedora-17 tracking bug for samba4: see block
Bugzilla
CVE-2013-0213 samba: clickjacking vulnerability in SWAT
bugzilla · 2013-01-30 · CVSS 5.1 · CVE-2013-0213 [MEDIUM]
It was reported [1] that Samba's SWAT web configuration interface suffered from a potential clickjacking vulnerability, which allows the SWAT page to be embedded in an attacker's web page using a frame or iframe, and then tricking the user to change Samba settings.
This is being fixed by telling the browser to refuse frame embedding via the "X-Frame-Options: DENY" header.
[1] https://bugzilla.samba.org/show_bug.cgi?id=9576
Discussion:
Acknowledgements:
Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Jann Horn as the original reporter.
---
This has been corrected in upstream versions 4.0.2, 3.6.12, and 3.5.21.
http://www.samba.org/samba/history/samba-4.0.2.html
---
Created samba4
References
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00042.html
http://lists.opensuse.org/opensuse-updates/2013-02/msg00029.html
http://lists.opensuse.org/opensuse-updates/2013-02/msg00033.html
http://rhn.redhat.com/errata/RHSA-2013-1310.html
http://rhn.redhat.com/errata/RHSA-2013-1542.html
http://rhn.redhat.com/errata/RHSA-2014-0305.html
http://www.debian.org/security/2013/dsa-2617
http://www.samba.org/samba/security/CVE-2013-0213
http://www.securityfocus.com/bid/57631
http://www.ubuntu.com/usn/USN-2922-1
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993