Samba XSS and request forgery vulnerabilities

Two vulnerabilities have been reported in Samba, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks.

1. The Samba Web Administration Tool (SWAT) allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.

This can be exploited to, for example, shut down or start Samba daemons and add or remove shares, printers, or user accounts by tricking a logged-in user into visiting a malicious web site.

2. Input passed to the “user” field of the “Change password” page of SWAT is not properly sanitized before being returned to the user.

This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
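Both issues above are instances of two well-known web defects: state-changing actions accepted without any proof that the logged-in user intended them (request forgery), and a submitted value reflected into the page without HTML escaping (cross-site scripting). The following is an added illustration of the two mitigations, written here as a small Python model; it is not Samba's or SWAT's code, and the parameter names `csrf_token` and `action`, the `smbd_stop` value, and the session dictionary are constructed for the example.

```python
import hmac
import html
import secrets
from urllib.parse import parse_qs

# Hypothetical model of a "Change password" page reflecting the "user" field.
def render_password_form_unescaped(user: str) -> str:
    """Reflects the submitted value verbatim: the reflected-XSS pattern."""
    return f'<input name="user" value="{user}">'

def render_password_form(user: str) -> str:
    """Hardened variant: HTML-escape the value before placing it in the page."""
    return f'<input name="user" value="{html.escape(user, quote=True)}">'

def issue_csrf_token(session: dict) -> str:
    """Bind a random token to the logged-in session when the admin page is served.
    The token is embedded in the page's forms; a third-party site cannot read it."""
    token = secrets.token_hex(16)
    session["csrf_token"] = token
    return token

def handle_action(session: dict, method: str, query: str) -> str:
    """Accept a state-changing action (e.g. stopping a daemon) only via POST
    and only with a token matching the one bound to this session.
    Returns a short status string so the outcome can be checked."""
    params = parse_qs(query)
    submitted = params.get("csrf_token", [""])[0]
    expected = session.get("csrf_token", "")
    if method != "POST":
        return "rejected: state change via GET"
    if not expected or not hmac.compare_digest(submitted, expected):
        return "rejected: missing or invalid csrf_token"
    action = params.get("action", [""])[0]
    return f"ok: {action}"

if __name__ == "__main__":
    session = {}                      # constructed in-memory session store
    tok = issue_csrf_token(session)
    print(handle_action(session, "GET", "action=smbd_stop"))
    print(handle_action(session, "POST", "action=smbd_stop"))
    print(handle_action(session, "POST", f"action=smbd_stop&csrf_token={tok}"))
    print(render_password_form('"><b>x</b>'))
```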

Successful exploitation of the vulnerabilities requires that SWAT is enabled (not default).

The vulnerabilities are reported in versions 3.0.x through 3.5.9.

Solution: Update to version 3.5.10.
