Cross-Site Scripting vulnerability in SWAT

2011-07-2600:00:00

Samba Security

www.samba.org

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

66.0%

JSON

Description

All current released versions of Samba are vulnerable to a cross-site
scripting issue in the Samba Web Administration Tool (SWAT). On the “Change
Password” field, it is possible to insert arbitrary content into the “user”
field.

This issue is only exploitable if CVE-2011-2522 has not been fixed.

Workaround

Ensure SWAT is turned off and use a different method to change the user’s
password.

Patch Availability

A patch addressing this defect has been posted to

http://www.samba.org/samba/security/

Additionally, Samba 3.5.10 has been issued as security release to correct the
defect. Patches against older Samba versions are available at
http://samba.org/samba/patches/. Samba administrators running affected
versions are advised to upgrade to 3.5.10 or apply the patch as soon
as possible.

Credits

The issue was discovered by Nobuhiro Tsuji, NTT DATA SECURITY CORPORATION and
reported to the Samba Team by Takayuki Uchiyama of JPCERT. The patches for all
Samba versions were written and tested by Kai Blin ([email protected]).