samba: fixing Cross-Site Request Forgery (CSRF) and Cross Site Scripting in SWAT (CVE-2011-2522, CVE-2011-2694)
A Cross-Site Request Forgery (CSRF) and a Cross Site
Scripting vulnerability have been fixed in samba's SWAT.
CVE-2011-2522 and CVE-2011-2694 have been assigned.
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 4939
Fixed bugs
bnc#708503
Samba Web Adminstration Tool (SWAT) contains a cross-site scripting vulnerability
bnc#705241
VUL-0: Samba SWAT Cross-Site Request Forgery (CSRF)
bnc#705170
ctdb connections tdb traverse timeouts
bnc#693945
ctdbd_traverse() loops forever
bnc#675978
getent passwd|group <user,group> does not work for winbind users on s390 SLES 11 SP 1
bnc#681913
smbclient -M not sending due to NT_STATUS_PIPE_BROKEN
bnc#643119
net rpc printer MIGRATE SETTINGS fails on 64 Bit
bnc#668773
File descriptor leak in Samba causes authentication failures incorrectly.
bnc#649636
malformed spoolss GetPrinter (level 2) response
bnc#643787
Users cant get printer settings from samba
bnc#649526
Add Printer fails with 0x000006f7 on Windows 7
bnc#649636
malformed spoolss GetPrinter (level 2) response
CVE#CVE-2011-2522
Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daem
CVE#CVE-2011-2694
Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username par
