Samba 3.x < 3.3.16 / 3.4.14 / 3.5.10 Multiple Vulnerabilities

medium Nessus Plugin ID 55733

Synopsis

The remote Samba server is affected by multiple vulnerabilities.

Description

According to its banner, the version of Samba 3.x running on the remote host is earlier than 3.3.16 / 3.4.14 / 3.5.10. As such, it is potentially affected by several vulnerabilities in the Samba Web Administration Tool (SWAT) :

- A cross-site scripting vulnerability exists because of a failure to sanitize input to the username parameter of the 'passwd' program. (Issue #8289)

- A cross-site request forgery (CSRF) vulnerability can allow SWAT to be manipulated when a user who is logged in as root is tricked into clicking specially crafted URLs sent by an attacker. (Issue #8290)

Note that these issues are only exploitable when SWAT it enabled, and it is not enabled by default.

Also note that Nessus has relied only on the self-reported version number and has not actually determined whether SWAT is enabled, tried to exploit these issues, or determine if the associated patches have been applied.

Solution

Either apply one of the patches referenced in the project's advisory or upgrade to 3.3.16 / 3.4.14 / 3.5.10 or later.

See Also

https://bugzilla.samba.org/show_bug.cgi?id=8289

https://www.samba.org/samba/history/samba-3.3.16.html

https://www.samba.org/samba/history/samba-3.4.14.html

https://www.samba.org/samba/history/samba-3.5.10.html

https://bugzilla.samba.org/show_bug.cgi?id=8290

https://www.samba.org/samba/security/CVE-2011-2522

https://www.samba.org/samba/security/CVE-2011-2694

Plugin Details

Severity: Medium

ID: 55733

File Name: samba_3_5_10.nasl

Version: 1.10

Type: remote

Family: Misc.

Published: 7/29/2011

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:samba:samba

Required KB Items: SMB/NativeLanManager, SMB/samba, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/26/2011

Vulnerability Publication Date: 7/27/2011

Reference Information

CVE: CVE-2011-2522, CVE-2011-2694

BID: 48899, 48901

Secunia: 45393