MDVSA-2013:011 -- Mandriva sambaID: oval:org.secpod.oval:def:302997 | Date: (C)2013-02-26 (M)2023-12-07 |
Class: PATCH | Family: unix |
Multiple vulnerabilities has been found and corrected in samba : The Samba Web Administration Tool in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a FRAME or IFRAME element . Cross-site request forgery vulnerability in the Samba Web Administration Tool in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions . The updated packages have been patched to correct these issues.
Platform: |
Mandriva Linux 2011.0 |