It was found that the 'Change Password' page / screen of the Samba Web Administration Tool did not properly sanitize content of the user-provided "user" field, prior printing it back to the page content. A remote attacker could provide a specially-crafted URL, which once visited by an authenticated Samba SWAT user could allow the attacker to conduct cross-site scripting attacks (execute arbitrary HTML or script code). Upstream bug report: [1] https://bugzilla.samba.org/show_bug.cgi?id=8290 (not public yet) Acknowledgements: Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION as the original reporter.
This issue affects the versions of the samba package, as shipped with Red Hat Enterprise Linux 4, 5, and 6. -- This issue affects the version of the samba3x package, as shipped with Red Hat Enterprise Linux 5. -- This issue does NOT affect the version of the samba4 package, as shipped with Red Hat Enterprise Linux 6. -- This issue affects the versions of the samba package, as shipped with Fedora release of 14 and 15.
This is now public: http://www.samba.org/samba/security/CVE-2011-2694 Upstream samba 3.5.10 corrects this flaw with the following patches: http://www.samba.org/samba/ftp/patches/security/samba-3.5.9-CVE-2011-2694.patch http://www.samba.org/samba/ftp/patches/security/samba-3.4.13-CVE-2011-2694.patch http://www.samba.org/samba/ftp/patches/security/samba-3.3.15-CVE-2011-2694.patch
Created samba tracking bugs for this issue Affects: fedora-all [bug 725890]
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2011:1220 https://rhn.redhat.com/errata/RHSA-2011-1220.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2011:1219 https://rhn.redhat.com/errata/RHSA-2011-1219.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2011:1221 https://rhn.redhat.com/errata/RHSA-2011-1221.html