Applies to: Centrify-Enabled Samba versions 3.6.9-18.104.22.168 and older.
The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x (before 3.6.12), and 4.x (before 4.0.2) allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element.
Looking at the exploits mentioned, this affects stock Samba versions before 3.6.12 and before 4.0.2.
Is Centrify-Enabled Samba 3.6.9 also susceptible to this CVE?
Since Centrify-Enabled Samba 3.6.9-22.214.171.124 is based on stock Samba version 3.6.5, it is susceptible.
Since this CVE addresses an issue with SWAT and not the Centrify-Enabled Samba server itself, the risk should be relatively low.
At the time of writing, Centrify is planning an updated version of Centrify-Enabled Samba based on Samba 4.x, targeted for the end of 2013. This will include the fixes that address these exploits.
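The affected ranges quoted above can be checked against an installed version string. The following is an added example, not Centrify or Samba code; the function names and the sample strings are constructed for illustration, and the input is assumed to be the stock Samba base version (for example as printed by `smbd -V`), not a vendor package label.

```python
import re

# Fixed releases per branch, as stated in the CVE description above.
FIXED_3_5 = (3, 5, 21)   # "3.x before 3.5.21" (3.0 through 3.5 branches)
FIXED_3_6 = (3, 6, 12)   # "3.6.x before 3.6.12"
FIXED_4_0 = (4, 0, 2)    # "4.x before 4.0.2"


def parse_version(text):
    """Return (major, minor, patch) from text such as 'Version 3.6.5'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def swat_clickjacking_affected(text):
    """True if the version falls in a range the advisory lists as affected."""
    v = parse_version(text)
    major, minor, _ = v
    if major == 3 and minor <= 5:
        return v < FIXED_3_5
    if major == 3 and minor == 6:
        return v < FIXED_3_6
    if major == 4:
        return v < FIXED_4_0
    return False  # outside the 3.x / 4.x ranges named in the advisory


if __name__ == "__main__":
    # Constructed sample inputs in the "Version x.y.z" shape.
    for sample in ("Version 3.6.5", "Version 3.6.12", "Version 4.0.1"):
        state = "affected" if swat_clickjacking_affected(sample) else "not listed"
        print(f"{sample}: {state}")
```

A positive result only matters on hosts where SWAT is actually enabled, since the issue is in SWAT and not in the Samba server itself.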