
KB-3101: Does CVE-2013-0213 apply to Centrify_Enabled_Samba 3.6.9-4.5.5.222?

Centrify DirectControl, Centrify DirectControl Plugins

12 April,16 at 11:09 AM

Applies to: Centrify-Enabled Samba versions 3.6.9-4.5.5.222 and older.
 
Question: 
 
The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x (before 3.6.12), and 4.x (before 4.0.2) allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element.
 
Looking at the exploits mentioned, this affects stock Samba versions before 3.6.12 and before 4.0.2.
 
Source: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0213
 
Is Centrify-Enabled Samba 3.6.9 also susceptible to this CVE?

 
Answer:
 
Since Centrify-Enabled Samba 3.6.9-4.5.5.222 is based on stock Samba version 3.6.5, it is susceptible.
 
Since this CVE addresses an issue with SWAT and not the Centrify-Enabled Samba server itself, the risk should be relatively low.

At the time of writing, Centrify is planning an updated version of Centrify-Enabled Samba based on Samba 4.x, targeted for the end of 2013. This will include the fixes that address these exploits.
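
As an added example (not code from Centrify or the Samba project): one way to verify whether a web interface such as SWAT can be embedded in a FRAME or IFRAME is to inspect its response headers for the standard anti-framing controls, `X-Frame-Options` and the CSP `frame-ancestors` directive. The sample responses are constructed, and the function names `parse_headers` and `framing_policy` are hypothetical.

```python
# Added example: classify whether an HTTP response permits framing.
# Sample responses are constructed for illustration, not captured from SWAT.

def parse_headers(raw_response):
    """Map lower-cased header names to lists of values from a raw HTTP response."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def framing_policy(raw_response):
    """Return 'blocked', 'same-origin', 'restricted' or 'unprotected'."""
    headers = parse_headers(raw_response)
    # CSP frame-ancestors overrides X-Frame-Options in browsers that support it.
    for policy in headers.get("content-security-policy", []):
        for directive in policy.split(";"):
            parts = directive.split()
            if not parts or parts[0].lower() != "frame-ancestors":
                continue
            sources = [s.lower() for s in parts[1:]]
            if not sources or sources == ["'none'"]:
                return "blocked"
            if sources == ["'self'"]:
                return "same-origin"
            return "unprotected" if "*" in sources else "restricted"
    xfo = [v.upper() for v in headers.get("x-frame-options", [])]
    if "DENY" in xfo:
        return "blocked"
    if "SAMEORIGIN" in xfo:
        return "same-origin"
    return "unprotected"  # no header, or obsolete ALLOW-FROM that browsers ignore

# Constructed sample responses.
NO_HEADER = "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"
XFO_DENY = "HTTP/1.0 200 OK\r\nX-Frame-Options: DENY\r\n\r\n<html></html>"
CSP_SELF = ("HTTP/1.1 200 OK\r\nContent-Security-Policy: default-src 'self'; "
            "frame-ancestors 'self'\r\n\r\n<html></html>")

if __name__ == "__main__":
    for label, resp in [("no header", NO_HEADER), ("XFO DENY", XFO_DENY),
                        ("CSP self", CSP_SELF)]:
        print(f"{label}: {framing_policy(resp)}")
```

A response classified as `unprotected` can be rendered inside a frame on another origin, which is the precondition for the clickjacking issue described in the CVE.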
