6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
81.3%
All current released versions of Samba are vulnerable to a cross-site
request forgery in the Samba Web Administration Tool (SWAT). By tricking
a user who is authenticated with SWAT into clicking a manipulated URL on
a different web page, it is possible to manipulate SWAT.
In order to be vulnerable, SWAT must have been installed and enabled
either as a standalone server launched from inetd or xinetd, or as a
CGI plugin to Apache. If SWAT has not been installed or enabled (which
is the default install state for Samba) this advisory can be ignored.
If the user authenticated to SWAT as root, it is possible to shut down or
start the samba daemons, add or remove shares, printers and user accounts
and to change other aspects of the Samba configuration.
Ensure SWAT is turned off and configure Samba using an alternative method
to edit the smb.conf file.
A patch addressing this defect has been posted to
http://www.samba.org/samba/security/
Additionally, Samba 3.5.10 has been issued as security release to correct the
defect. Patches against older Samba versions are available at
http://samba.org/samba/patches/. Samba administrators running affected
versions are advised to upgrade to 3.5.10 or apply the patch as soon
as possible.
The vulnerability was discovered by Yoshihiro Ishikawa (LAC Co., Ltd.) and
reported to the Samba Team by Takayuki Uchiyama of JPCERT. The patches for all
Samba versions were written and tested by Kai Blin ([email protected]).