Detections
Analytics
FreeBSD : Samba -- XSS and request forgery vulnerabilities (56f4b3a6-c82c-11e0-a498-00215c6a37bb)
medium Nessus Plugin ID 55877
Language:
Synopsis
The remote FreeBSD host is missing one or more security-related updates.Description
Samba security advisory reports :All current released versions of Samba are vulnerable to a cross-site request forgery in the Samba Web Administration Tool (SWAT). By tricking a user who is authenticated with SWAT into clicking a manipulated URL on a different web page, it is possible to manipulate SWAT.
All current released versions of Samba are vulnerable to a cross-site scripting issue in the Samba Web Administration Tool (SWAT). On the 'Change Password' field, it is possible to insert arbitrary content into the 'user' field.
Solution
Update the affected packages.See Also
Plugin Details
Severity: Medium
ID: 55877
File Name: freebsd_pkg_56f4b3a6c82c11e0a49800215c6a37bb.nasl
Version: 1.14
Type: local
Family: FreeBSD Local Security Checks
Published: 8/17/2011
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:samba34, p-cpe:/a:freebsd:freebsd:samba35, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 8/16/2011
Vulnerability Publication Date: 7/27/2011
Reference Information
CVE: CVE-2011-2522, CVE-2011-2694