Pardus alert 2011-110 (samba)

From:  Meltem Parmaksız <meltem@pardus.org.tr>
To:  pardus-security@pardus.org.tr
Subject:  [Pardus-security] [PLSA 2011-110] Samba: Multiple Vulnerabilities
Date:  Mon, 5 Sep 2011 14:53:34 +0300
Message-ID:  <201109051453.34267.meltem@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-110          security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-09-05
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities have been fixed in samba.

Description
===========

CVE-2011-2522: Multiple cross-site request forgery (CSRF) vulnerabilities
in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10
allow remote attackers to hijack the authentication of administrators for
requests that (1) shut down daemons, (2) start daemons, (3) add shares,
(4) remove shares, (5) add printers, (6) remove printers, (7) add user
accounts, or (8) remove user accounts, as demonstrated by certain start,
stop, and restart parameters to the status program.

CVE-2011-2694: Cross-site scripting (XSS) vulnerability in the chg_passwd
function in web/swat.c in the Samba Web Administration Tool (SWAT) in
Samba 3.x before 3.5.10 allows remote authenticated administrators to
inject arbitrary web script or HTML via the username parameter to the
passwd program (aka the user field to the Change Password page).

Affected packages:

  Pardus 2009:
    samba, all before 3.3.16-56-17

  Pardus 2011:
    samba, all before 3.5.10-68-p11

Resolution
==========

There are update(s) for samba. You can update them via Package Manager or
with a single command from console:

  Pardus 2009:
    pisi up samba

  Pardus 2011:
    pisi up samba

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=18842

------------------------------------------------------------------------
_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security
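A check for the "Affected packages" thresholds above, as an added example that is not part of the advisory or of Pardus tooling. It assumes version strings have the form `<upstream>-<release>-<suffix>` as printed in the advisory; the function names and the sample versions at the end are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare an installed samba package version with the fixed
# versions listed in PLSA 2011-110.
# Assumption: version strings are <upstream>-<release>-<suffix>, as in the
# advisory's "3.3.16-56-17" and "3.5.10-68-p11"; upstream is compared first,
# then the numeric release field. The suffix is ignored.

# dotted_cmp A B: prints -1, 0 or 1 (missing components count as 0).
dotted_cmp() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then echo -1; return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then echo 1; return 0; fi
    done
    echo 0
}

# plsa_2011_110_status <pardus-release> <installed-version>
# Prints "fixed", "vulnerable", or "unknown" for input it cannot parse.
plsa_2011_110_status() {
    case "$1" in
        2009) fixed="3.3.16-56-17" ;;    # from the advisory
        2011) fixed="3.5.10-68-p11" ;;   # from the advisory
        *)    echo unknown; return 0 ;;
    esac
    inst_up=${2%%-*}; rest=${2#*-}; inst_rel=${rest%%-*}
    # Refuse to guess on anything that is not digits.dots-digits[-suffix].
    case "$inst_up" in ""|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;; esac
    case "$inst_rel" in ""|*[!0-9]*) echo unknown; return 0 ;; esac
    fix_up=${fixed%%-*}; rest=${fixed#*-}; fix_rel=${rest%%-*}
    c=$(dotted_cmp "$inst_up" "$fix_up")
    # Same upstream version: the release field decides (covers backported fixes).
    if [ "$c" -eq 0 ] && [ "$inst_rel" -lt "$fix_rel" ]; then c=-1; fi
    if [ "$c" -lt 0 ]; then echo vulnerable; else echo fixed; fi
}

# Constructed sample versions, not taken from a real system.
plsa_2011_110_status 2011 3.5.8-60-p11   # prints "vulnerable"
plsa_2011_110_status 2009 3.3.16-56-17   # prints "fixed"
```

Pass the Pardus release and the samba version shown by Package Manager; an "unknown" result means the string did not match the assumed format and should be checked by hand.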




Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds