PT-2011-1100 · Samba+2 · Samba+2
Nobuhiro Tsuji · Published 2011-07-29 · Updated 2024-06-15 · CVE-2011-2694
CVSS v2.0: 6.8 (Medium)
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Samba versions 3.x through 3.5.9
Samba version 3.5.6
Description
A cross-site scripting (XSS) vulnerability exists in the chg_passwd function in the Samba Web Administration Tool (SWAT): arbitrary web script or HTML can be injected via the username parameter to the passwd program. This issue can be exploited remotely by authenticated administrators. Multiple vulnerabilities in Samba packages for Red Hat Enterprise Linux can lead to the disruption of confidentiality, integrity, and availability of protected information, and can be exploited remotely.
Recommendations
For Samba versions 3.x through 3.5.9, update to version 3.5.10 or later to resolve the issue.
For Samba version 3.5.6, consider disabling the chg_passwd function in the SWAT tool as a temporary workaround until a patch is available.
Restrict access to the Samba Web Administration Tool (SWAT) to minimize the risk of exploitation.
Fix
XSS
RCE
Related identifiers
Affected products
Red Hat
Samba
Suse