Cross-site scripting in Samba

#VU44866 Cross-site scripting in Samba

Published: 2011-07-29 | Updated: 2021-04-29

Vulnerability identifier: #VU44866

Vulnerability risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2011-2694

CWE-ID: CWE-79

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description

Vulnerability allows a remote attacker to perform XSS attacks.

The vulnerability is caused by an input validation error in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Samba: 3.0.0 - 3.0.37, 3.1.0, 3.2.0 - 3.2.15, 3.3.0 - 3.3.12, 3.4.0 - 3.4.7, 3.5 - 3.5.9

External links
http://jvn.jp/en/jp/JVN63041502/index.html
http://osvdb.org/74072
http://samba.org/samba/history/samba-3.5.10.html
http://secunia.com/advisories/45393
http://secunia.com/advisories/45488
http://secunia.com/advisories/45496
http://securitytracker.com/id?1025852
http://ubuntu.com/usn/usn-1182-1
http://www.debian.org/security/2011/dsa-2290
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543
http://www.mandriva.com/security/advisories?name=MDVSA-2011:121
http://www.samba.org/samba/security/CVE-2011-2694
http://www.securityfocus.com/bid/48901
http://bugzilla.redhat.com/show_bug.cgi?id=722537
http://bugzilla.samba.org/show_bug.cgi?id=8289
http://exchange.xforce.ibmcloud.com/vulnerabilities/68844

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Slackware Linux update for samba

Multiple vulnerabilities in Samba