Samba · Samba · CVE-2011-2694
**Name of the Vulnerable Software and Affected Versions**
Samba versions 3.x through 3.5.9
Samba version 3.5.6
**Description**
A cross-site scripting (XSS) vulnerability exists in the `chg_passwd` function of the Samba Web Administration Tool (SWAT), which allows injection of arbitrary web script or HTML via the `username` parameter to the passwd program. The issue can be exploited remotely by authenticated administrators. Multiple vulnerabilities in the Samba packages for Red Hat Enterprise Linux can compromise the confidentiality, integrity, and availability of protected information, and can be exploited remotely.
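To show the pattern behind this bug class, here is an added example in C (not Samba's own code and not SWAT's real form template): a submitted `username` value is embedded into an HTML attribute once unescaped and once HTML-escaped, with a small check that tells the two renderings apart. The function names, the form markup and the sample input are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not Samba code: models a CGI such as SWAT's chg_passwd page
 * reflecting the submitted `username` into its HTML form. */

/* Vulnerable: untrusted text goes straight into an attribute value. */
char *render_user_field_unsafe(const char *username) {
    const char *fmt = "<input type=\"text\" name=\"username\" value=\"%s\">";
    size_t n = strlen(fmt) + strlen(username) + 1;
    char *out = malloc(n);
    if (out) snprintf(out, n, fmt, username);
    return out;
}

/* Escape the five characters that carry meaning in HTML; caller frees. */
char *html_escape(const char *s) {
    char *out = malloc(strlen(s) * 6 + 1), *p = out; /* worst case "&quot;" */
    if (!out) return NULL;
    for (; *s; s++) {
        const char *rep = NULL;
        switch (*s) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        if (rep) { size_t l = strlen(rep); memcpy(p, rep, l); p += l; }
        else *p++ = *s;
    }
    *p = '\0';
    return out;
}

/* Hardened: escape first, so the value can neither end the attribute nor open a tag. */
char *render_user_field_safe(const char *username) {
    char *esc = html_escape(username), *out = esc ? render_user_field_unsafe(esc) : NULL;
    free(esc);
    return out;
}

/* The template holds exactly six double quotes; any more means the value broke out. */
int attribute_broken(const char *html) {
    int q = 0;
    for (; *html; html++) if (*html == '"') q++;
    return q != 6;
}
```

With a constructed input such as `smith"><b>hi</b>`, the unsafe rendering ends the attribute early and emits the rest as markup, while the escaped rendering keeps it inert inside the value.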
**Recommendations**
For Samba versions 3.x through 3.5.9, update to version 3.5.10 or later to resolve the issue.
For Samba version 3.5.6, consider disabling the `chg_passwd` function in the SWAT tool as a temporary workaround until a patch is available.
Restrict access to the Samba Web Administration Tool (SWAT) to minimize the risk of exploitation.