Cross-site request forgery in Samba - CVE-2013-0214
Published: February 2, 2013 / Updated: July 28, 2020
Vulnerability identifier: #VU32701
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2013-0214
CWE-ID: CWE-352
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Samba
Affected software:
Samba
Samba
Detailed vulnerability description
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
How to mitigate CVE-2013-0214
Update to version 3.5.21.
Sources
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00019.html
- http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00042.html
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00029.html
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00033.html
- http://osvdb.org/89627
- http://rhn.redhat.com/errata/RHSA-2013-1310.html
- http://rhn.redhat.com/errata/RHSA-2013-1542.html
- http://rhn.redhat.com/errata/RHSA-2014-0305.html
- http://www.debian.org/security/2013/dsa-2617
- http://www.samba.org/samba/security/CVE-2013-0214
- http://www.securityfocus.com/bid/57631
- http://www.ubuntu.com/usn/USN-2922-1
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993