VID 23227
Severity 30
Port 139
Protocol TCP
Class Samba
Detailed Description According to its banner, the version of Samba 3.x running on the remote host is earlier than 3.3.16 / 3.4.14 / 3.5.10. As such, it is potentially affected by several vulnerabilities in the Samba Web Administration Tool (SWAT):

- A cross-site scripting vulnerability exists because of a failure to sanitize input to the username parameter of the 'passwd' program. (Issue #8289)

- A cross-site request forgery (CSRF) vulnerability can allow SWAT to be manipulated when a user who is logged in as root is tricked into clicking specially crafted URLs sent by an attacker. (Issue #8290)

Note that these issues are only exploitable when SWAT is enabled, and it is not enabled by default.

* References:
https://bugzilla.samba.org/show_bug.cgi?id=8289
https://bugzilla.samba.org/show_bug.cgi?id=8290
http://samba.org/samba/security/CVE-2011-2522
http://samba.org/samba/security/CVE-2011-2694
http://www.samba.org/samba/history/samba-3.3.16.html
http://www.samba.org/samba/history/samba-3.4.14.html
http://www.samba.org/samba/history/samba-3.5.10.html

* Platforms Affected:
Samba Project, Samba versions before 3.3.16 / 3.4.14 / 3.5.10
Linux Any version
Unix Any version
Recommendation Upgrade to Samba 3.3.16 / 3.4.14 / 3.5.10 or later, available from the Samba Web site at http://us1.samba.org/samba/
Related URL CVE-2011-2522,CVE-2011-2694 (CVE)
Related URL 48899,48901 (SecurityFocus)
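The per-branch banner comparison this entry describes, as an added example that is not part of the original entry or of any scanner's code. The banner format, the sample banners, and the names `parse_banner` and `swat_status` are assumptions made for illustration.

```python
import re

# Fixed release per branch, taken from the entry above: 3.3.16 / 3.4.14 / 3.5.10.
FIXED = {(3, 3): 16, (3, 4): 14, (3, 5): 10}

# Assumed banner shape: "Samba <major>.<minor>.<patch>" plus an optional suffix.
_VERSION_RE = re.compile(r"Samba\s+(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)

# Constructed sample banners, not captured from real hosts.
SAMPLE_BANNERS = [
    "Samba 3.5.9",
    "Samba 3.5.10",
    "Unix Samba 3.4.13-1.example",  # packager suffix; backported fixes are invisible here
    "Samba 3.2.15",
    "Samba 3.6.0",
    "Windows 6.1",
]


def parse_banner(banner):
    """Return (major, minor, patch) from a banner, or None if no version is found."""
    m = _VERSION_RE.search(banner)
    return tuple(int(part) for part in m.groups()) if m else None


def swat_status(banner):
    """Classify a banner as 'flagged', 'fixed', 'not-covered' or 'unknown'."""
    version = parse_banner(banner)
    if version is None:
        return "unknown"
    major, minor, patch = version
    if major != 3:
        return "not-covered"  # the entry is about Samba 3.x only
    branch = (major, minor)
    if branch in FIXED:
        return "flagged" if patch < FIXED[branch] else "fixed"
    if branch < min(FIXED):
        # Assumption: 3.x branches older than 3.3 sort below every fixed release.
        return "flagged"
    return "not-covered"  # later 3.x branches are not listed in the entry


if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(f"{banner!r}: {swat_status(banner)}")
```

A "flagged" result is only a banner match: a packager may have backported the fix without changing the version string, and the issues matter only on hosts where SWAT is enabled.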