CVE-2011-2694

Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
sambasamba
3.0.0 ≤
𝑥
< 3.3.16
sambasamba
3.4.0 ≤
𝑥
< 3.4.14
sambasamba
3.5.0 ≤
𝑥
< 3.5.10
canonicalubuntu_linux
8.04
canonicalubuntu_linux
10.04
canonicalubuntu_linux
10.10
canonicalubuntu_linux
11.04
debiandebian_linux
5.0
debiandebian_linux
6.0
debiandebian_linux
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
samba
bookworm
2:4.17.12+dfsg-0+deb12u1
fixed
bookworm (security)
2:4.17.12+dfsg-0+deb12u1
fixed
bullseye
2:4.13.13+dfsg-1~deb11u6
fixed
bullseye (security)
2:4.13.13+dfsg-1~deb11u6
fixed
sid
2:4.21.1+dfsg-2
fixed
trixie
2:4.21.1+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
samba
hardy
Fixed 3.0.28a-1ubuntu4.15
released
lucid
Fixed 2:3.4.7~dfsg-1ubuntu3.7
released
maverick
Fixed 2:3.5.4~dfsg-1ubuntu8.5
released
natty
Fixed 2:3.5.8~dfsg-1ubuntu2.3
released
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
cifs-utils
RHEL 6
0:4.8.1-2.el6_1.2
fixed
libsmbclient
RHEL 6
0:3.5.6-86.el6_1.4
fixed
libsmbclient-devel
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba-client
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba-common
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba-doc
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba-domainjoin-gui
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba-swat
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba-winbind
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba-winbind-clients
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba-winbind-devel
RHEL 6
0:3.5.6-86.el6_1.4
fixed
samba-winbind-krb5-locator
RHEL 6
0:3.5.6-86.el6_1.4
fixed
Common Weakness Enumeration
References
http://jvn.jp/en/jp/JVN63041502/index.html
http://osvdb.org/74072
http://samba.org/samba/history/samba-3.5.10.html
http://secunia.com/advisories/45393
http://secunia.com/advisories/45488
http://secunia.com/advisories/45496
http://securitytracker.com/id?1025852
http://ubuntu.com/usn/usn-1182-1
http://www.debian.org/security/2011/dsa-2290
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543
http://www.mandriva.com/security/advisories?name=MDVSA-2011:121
http://www.samba.org/samba/security/CVE-2011-2694
http://www.securityfocus.com/bid/48901
https://bugzilla.redhat.com/show_bug.cgi?id=722537
https://bugzilla.samba.org/show_bug.cgi?id=8289
https://exchange.xforce.ibmcloud.com/vulnerabilities/68844
http://jvn.jp/en/jp/JVN63041502/index.html
http://osvdb.org/74072
http://samba.org/samba/history/samba-3.5.10.html
http://secunia.com/advisories/45393
http://secunia.com/advisories/45488
http://secunia.com/advisories/45496
http://securitytracker.com/id?1025852
http://ubuntu.com/usn/usn-1182-1
http://www.debian.org/security/2011/dsa-2290
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543
http://www.mandriva.com/security/advisories?name=MDVSA-2011:121
http://www.samba.org/samba/security/CVE-2011-2694
http://www.securityfocus.com/bid/48901
https://bugzilla.redhat.com/show_bug.cgi?id=722537
https://bugzilla.samba.org/show_bug.cgi?id=8289
https://exchange.xforce.ibmcloud.com/vulnerabilities/68844