Japan Vulnerability Notes, JVN:29529126
History: Aug 26, 2011 - 12:00 a.m.

JVN#29529126: Samba Web Administration Tool vulnerable to cross-site request forgery

2011-08-26 00:00:00
Japan Vulnerability Notes
jvn.jp

CVSS2: 6.8 Medium

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.008 Low (Percentile: 81.3%)

Samba Web Administration Tool (SWAT) allows for Samba configuration through a web interface. SWAT contains a cross-site request forgery vulnerability.

SWAT is disabled in a default configuration of Samba.

Impact

When a user is logged in to SWAT as root, an attacker may change configurations in Samba.

Solution

Update the software
Update to the latest version of Samba or apply the appropriate patch according to the information provided by the developer.

Products Affected

The Samba Web Administration Tool (SWAT) contained in the following Samba versions is affected:

  • Samba versions prior to 3.5.10
  • Samba versions prior to 3.4.14
  • Samba versions prior to 3.3.16
  • Samba versions 3.0.x through 3.2.15
