CVE-2011-2694

Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:N/I:P/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.samba.org/samba/security/CVE-2011-2694	Vendor Advisory
http://secunia.com/advisories/45393	Not Applicable Vendor Advisory
http://jvn.jp/en/jp/JVN63041502/index.html	Third Party Advisory
http://securitytracker.com/id?1025852	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/48901	Third Party Advisory VDB Entry
http://samba.org/samba/history/samba-3.5.10.html	Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:121	Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=722537	Issue Tracking Patch
https://bugzilla.samba.org/show_bug.cgi?id=8289	Issue Tracking Patch
http://osvdb.org/74072	Broken Link
http://secunia.com/advisories/45496	Not Applicable Third Party Advisory
http://www.debian.org/security/2011/dsa-2290	Third Party Advisory
http://secunia.com/advisories/45488	Not Applicable Third Party Advisory
http://ubuntu.com/usn/usn-1182-1	Third Party Advisory
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543	Broken Link Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/68844	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:samba:samba::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:11.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::

Configuration 3 (hide)

OR	cpe:2.3:o:debian:debian_linux:5.0:::::::*
	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:6.0:::::::*

Information

Published : 2011-07-29 13:55

Updated : 2022-10-31 08:02

NVD link : CVE-2011-2694

Mitre link : CVE-2011-2694

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

debian

debian_linux

canonical

ubuntu_linux

samba

samba

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.samba.org/samba/security/CVE-2011-2694", "name": "http://www.samba.org/samba/security/CVE-2011-2694", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/45393", "name": "45393", "tags": ["Not Applicable", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://jvn.jp/en/jp/JVN63041502/index.html", "name": "JVN#63041502", "tags": ["Third Party Advisory"], "refsource": "JVN"}, {"url": "http://securitytracker.com/id?1025852", "name": "1025852", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/48901", "name": "48901", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://samba.org/samba/history/samba-3.5.10.html", "name": "http://samba.org/samba/history/samba-3.5.10.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:121", "name": "MDVSA-2011:121", "tags": ["Broken Link"], "refsource": "MANDRIVA"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722537", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=722537", "tags": ["Issue Tracking", "Patch"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.samba.org/show_bug.cgi?id=8289", "name": "https://bugzilla.samba.org/show_bug.cgi?id=8289", "tags": ["Issue Tracking", "Patch"], "refsource": "CONFIRM"}, {"url": "http://osvdb.org/74072", "name": "74072", "tags": ["Broken Link"], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/45496", "name": "45496", "tags": ["Not Applicable", "Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.debian.org/security/2011/dsa-2290", "name": "DSA-2290", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://secunia.com/advisories/45488", "name": "45488", "tags": ["Not Applicable", "Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://ubuntu.com/usn/usn-1182-1", "name": "USN-1182-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543", "name": "SSRT100598", "tags": ["Broken Link", "Third Party Advisory"], "refsource": "HP"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68844", "name": "samba-user-xss(68844)", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-2694", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2011-07-29T20:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.3.16", "versionStartIncluding": "3.0.0"}, {"cpe23Uri": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.4.14", "versionStartIncluding": "3.4.0"}, {"cpe23Uri": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.5.10", "versionStartIncluding": "3.5.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-10-31T15:02Z"}

2.6 /10