HP Security Bulletin HPSBUX02768 SSRT100664 - Potential security vulnerabilities have been identified with HP-UX CIFS-Server (Samba). The vulnerabilities could be exploited remotely to create a cross site request forgery (CSRF) or create a Denial of Service (DoS). Revision 1 of this advisory.
77491bb5f757309ac5f2d24c865aac48
Red Hat Security Advisory 2011-1221-01 - Samba is a suite of programs used by machines to share files, printers, and other information. The cifs-utils package contains utilities for mounting and managing CIFS shares. A cross-site scripting flaw was found in the password change page of the Samba Web Administration Tool. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's SWAT session. It was found that SWAT web pages did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged in user.
d9801246e743b4d38706fb1f357c2111
Red Hat Security Advisory 2011-1220-01 - Samba is a suite of programs used by machines to share files, printers, and other information. A cross-site scripting flaw was found in the password change page of the Samba Web Administration Tool. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's SWAT session. It was found that SWAT web pages did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged in user.
a5bf4c36fe233c02cd424d5b58288e3f
Red Hat Security Advisory 2011-1219-01 - Samba is a suite of programs used by machines to share files, printers, and other information. A cross-site scripting flaw was found in the password change page of the Samba Web Administration Tool. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's SWAT session. It was found that SWAT web pages did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged in user.
7de3468a79b05efbb20097b9feb2dc7f
Debian Linux Security Advisory 2290-1 - The Samba Web Administration Tool (SWAT) contains several cross-site request forgery (CSRF) vulnerabilities and a cross-site scripting vulnerability.
67ee71b362c0b5c12c27d8b7ac2b754b
Ubuntu Security Notice 1182-1 - Yoshihiro Ishikawa discovered that the Samba Web Administration Tool (SWAT) was vulnerable to cross-site request forgeries (CSRF). If a Samba administrator were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands that could modify the Samba configuration. Nobuhiro Tsuji discovered that the Samba Web Administration Tool (SWAT) did not properly sanitize its input when processing password change requests, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
376bd03429a7ed2beba821890ff55dca
Slackware Security Advisory - New samba packages are available for Slackware 13.1, 13.37, and current to address security issues.
4ba2781a4dc7dc1dca274dcef9bf3d17
Mandriva Linux Security Advisory 2011-121 - All current released versions of Samba are vulnerable to a cross-site request forgery in the Samba Web Administration Tool (SWAT). By tricking a user who is authenticated with SWAT into clicking a manipulated URL on a different web page, it is possible to manipulate SWAT. All current released versions of Samba are vulnerable to a cross-site scripting issue in the Samba Web Administration Tool (SWAT). On the Change Password field, it is possible to insert arbitrary content into the user field.
ae6dd4dc8f05874e334e55138e63d8ad
SWAT (Samba Web Administration Tool) in Samba versions 3.0.x through 3.5.9 suffers from a cross site request forgery vulnerability.
216a5e5c11d92819fd472e5318f10d13