what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2011-1220-01

Posted Aug 29, 2011

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1220-01 - Samba is a suite of programs used by machines to share files, printers, and other information. A cross-site scripting flaw was found in the password change page of the Samba Web Administration Tool. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's SWAT session. It was found that SWAT web pages did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged in user.

tags | advisory, remote, web, arbitrary, xss, csrf

systems | linux, redhat

advisories | CVE-2011-1678, CVE-2011-2522, CVE-2011-2694, CVE-2011-2724

SHA-256 | e9760fd558188de1a54f0616b4447ef1e4c3f61dd8e0e4e962b255930a150ba0

Download | Favorite | View

Related Files

No related files