Samba 3.x < 3.3.16 / 3.4.14 / 3.5.10 Multiple Vulnerabilities

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote Samba server is affected by multiple vulnerabilities.

Description :

According to its banner, the version of Samba 3.x running on the
remote host is earlier than 3.3.16 / 3.4.14 / 3.5.10. As such, it is
potentially affected by several vulnerabilities in the Samba Web
Administration Tool (SWAT) :

- A cross-site scripting vulnerability exists because of a
failure to sanitize input to the username parameter of
the 'passwd' program. (Issue #8289)

- A cross-site request forgery (CSRF) vulnerability can
allow SWAT to be manipulated when a user who is logged
in as root is tricked into clicking specially crafted
URLs sent by an attacker. (Issue #8290)

Note that these issues are only exploitable when SWAT is enabled, and
it is not enabled by default.

Also note that Nessus has relied only on the self-reported version
number and has not actually determined whether SWAT is enabled, tried
to exploit these issues, or determined whether the associated patches
have been applied.

See also :

https://bugzilla.samba.org/show_bug.cgi?id=8289
https://bugzilla.samba.org/show_bug.cgi?id=8290
http://samba.org/samba/security/CVE-2011-2522
http://samba.org/samba/security/CVE-2011-2694
http://www.samba.org/samba/history/samba-3.3.16.html
http://www.samba.org/samba/history/samba-3.4.14.html
http://www.samba.org/samba/history/samba-3.5.10.html

Solution :

Either apply one of the patches referenced in the project's advisory
or upgrade to 3.3.16 / 3.4.14 / 3.5.10 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 55733

Bugtraq ID: 48899
48901

CVE ID: CVE-2011-2522
CVE-2011-2694