FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-2694

This CVE name corresponds to:

Entered: 2011-08-16
Topic: Samba -- cross site scripting and request forgery vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2011-2694
Phase: Assigned (20110711)

Description

Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).

References

Source Reference
CONFIRM http://samba.org/samba/history/samba-3.5.10.html
CONFIRM http://www.samba.org/samba/security/CVE-2011-2694
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=722537
CONFIRM https://bugzilla.samba.org/show_bug.cgi?id=8289
DEBIAN DSA-2290
HP HPSBNS02701
HP SSRT100598
MANDRIVA MDVSA-2011:121
UBUNTU USN-1182-1
JVN JVN#63041502
BID 48901
OSVDB 74072
SECTRACK 1025852
SECUNIA 45393
SECUNIA 45488
SECUNIA 45496
XF samba-user-xss(68844)