Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.6
CVE Id CVE-2011-2694
Last Modified 03 Oct 2011 10:51:39
Published 29 Jul 2011 04:55:02
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2011-2694

Summary

Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).

Vulnerable Systems

Application

  • Samba 3.0

  • Samba 3.0.0

  • Samba 3.0.1

  • Samba 3.0.10

  • Samba 3.0.11

  • Samba 3.0.12

  • Samba 3.0.13

  • Samba 3.0.14

  • Samba 3.0.14a

  • Samba 3.0.15

  • Samba 3.0.16

  • Samba 3.0.17

  • Samba 3.0.18

  • Samba 3.0.19

  • Samba 3.0.2

  • Samba 3.0.20

  • Samba 3.0.20a

  • Samba 3.0.20b

  • Samba 3.0.21

  • Samba 3.0.21a

  • Samba 3.0.21b

  • Samba 3.0.21c

  • Samba 3.0.22

  • Samba 3.0.23

  • Samba 3.0.23a

  • Samba 3.0.23b

  • Samba 3.0.23c

  • Samba 3.0.23d

  • Samba 3.0.24

  • Samba 3.0.25

  • Samba 3.0.25a

  • Samba 3.0.25b

  • Samba 3.0.25c

  • Samba 3.0.26

  • Samba 3.0.26a

  • Samba 3.0.27

  • Samba 3.0.28

  • Samba 3.0.29

  • Samba 3.0.2a

  • Samba 3.0.3

  • Samba 3.0.30

  • Samba 3.0.31

  • Samba 3.0.32

  • Samba 3.0.33

  • Samba 3.0.34

  • Samba 3.0.35

  • Samba 3.0.36

  • Samba 3.0.37

  • Samba 3.0.4

  • Samba 3.0.5

  • Samba 3.0.6

  • Samba 3.0.7

  • Samba 3.0.8

  • Samba 3.0.9

  • Samba 3.1

  • Samba 3.2.0

  • Samba 3.2.1

  • Samba 3.2.10

  • Samba 3.2.11

  • Samba 3.2.12

  • Samba 3.2.13

  • Samba 3.2.14

  • Samba 3.2.15

  • Samba 3.2.2

  • Samba 3.2.3

  • Samba 3.2.4

  • Samba 3.2.5

  • Samba 3.2.6

  • Samba 3.2.7

  • Samba 3.2.8

  • Samba 3.2.9

  • Samba 3.3.0

  • Samba 3.3.1

  • Samba 3.3.10

  • Samba 3.3.11

  • Samba 3.3.12

  • Samba 3.3.2

  • Samba 3.3.3

  • Samba 3.3.4

  • Samba 3.3.5

  • Samba 3.3.6

  • Samba 3.3.7

  • Samba 3.3.8

  • Samba 3.3.9

  • Samba 3.4.0

  • Samba 3.4.1

  • Samba 3.4.2

  • Samba 3.4.3

  • Samba 3.4.4

  • Samba 3.4.5

  • Samba 3.4.6

  • Samba 3.4.7

  • Samba 3.5

  • Samba 3.5.0

  • Samba 3.5.1

  • Samba 3.5.2

  • Samba 3.5.3

  • Samba 3.5.4

  • Samba 3.5.5

  • Samba 3.5.6

  • Samba 3.5.7

  • Samba 3.5.8

  • Samba 3.5.9


References

CONFIRM - https://bugzilla.samba.org/show_bug.cgi?id=8289

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=722537

XF - samba-user-xss(68844)

BID - 48901

CONFIRM - http://www.samba.org/samba/security/CVE-2011-2694

HP - HPSBNS02701

HP - SSRT100598

DEBIAN - DSA-2290

UBUNTU - USN-1182-1

SECTRACK - 1025852

SECUNIA - 45496

SECUNIA - 45488

SECUNIA - 45393

CONFIRM - http://samba.org/samba/history/samba-3.5.10.html

OSVDB - 74072

Related Patches

Novell SUSE 2011:5000 cifs-mount security update for SLE 11 SP1 i586

Novell SUSE 2011:7671 cifs-mount security update for SLE 10 SP4 i586


Last Updated: 27 May 2016 10:57:05