Bug 386255 - net-fs/samba: xss vulnerability (CVE-2011-2694)
Summary: net-fs/samba: xss vulnerability (CVE-2011-2694)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: C4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-10-08 12:25 UTC by GLSAMaker/CVETool Bot
Modified: 2011-10-08 12:27 UTC

See Also:
Package list:
Runtime testing required: ---


Description GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 12:25:00 UTC
CVE-2011-2694 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2694):
  Cross-site scripting (XSS) vulnerability in the chg_passwd function in
  web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before
  3.5.10 allows remote authenticated administrators to inject arbitrary web
  script or HTML via the username parameter to the passwd program (aka the
  user field to the Change Password page).
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2011-10-08 12:27:41 UTC
XSS. Closing noglsa.
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2011-10-08 12:27:52 UTC
Actually closing.