USN-1182-1: Samba vulnerabilities
02 August 2011
An attacker could use a malicious URL to reconfigure Samba or steal information.
- samba - a LanManager-like file and printer server for Unix
Yoshihiro Ishikawa discovered that the Samba Web Administration Tool (SWAT)
was vulnerable to cross-site request forgeries (CSRF). If a Samba
administrator were tricked into clicking a link on a specially crafted web
page, an attacker could trigger commands that could modify the Samba

Nobuhiro Tsuji discovered that the Samba Web Administration Tool (SWAT) did
not properly sanitize its input when processing password change requests,
resulting in cross-site scripting (XSS) vulnerabilities. With cross-site
scripting vulnerabilities, if a user were tricked into viewing server
output during a crafted server request, a remote attacker could exploit
this to modify the contents, or steal confidential data, within the same

The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.