Samba 3.x < 3.3.16 / 3.4.14 / 3.5.10 Multiple Vulnerabilities

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.

Synopsis :

The remote Samba server is affected by multiple vulnerabilities.

Description :

According to its banner, the version of Samba 3.x running on the
remote host is earlier than 3.3.16 / 3.4.14 / 3.5.10. As such, it is
potentially affected by several vulnerabilities in the Samba Web
Administration Tool (SWAT) :

- A cross-site scripting vulnerability exists because of a
failure to sanitize input to the username parameter of
the 'passwd' program. (Issue #8289)

- A cross-site request forgery (CSRF) vulnerability can
allow SWAT to be manipulated when a user who is logged
in as root is tricked into clicking specially crafted
URLs sent by an attacker. (Issue #8290)

Note that these issues are only exploitable when SWAT it enabled, and
it is not enabled by default.

Also note that Nessus has relied only on the self-reported version
number and has not actually determined whether SWAT is enabled, tried
to exploit these issues, or determine if the associated patches have
been applied.

See also :

Solution :

Either apply one of the patches referenced in the project's advisory
or upgrade to 3.3.16 / 3.4.14 / 3.5.10 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.6
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 55733 ()

Bugtraq ID: 48899

CVE ID: CVE-2011-2522