ced6c9df43
Bump samba to version 3.3.15 and add security patches for CVE-2011-2522 and CVE-2011-2694. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
56 lines
1.7 KiB
Diff
56 lines
1.7 KiB
Diff
From d401ccaedaec09ad6900ec24ecaf205bed3e3ac1 Mon Sep 17 00:00:00 2001
|
|
From: Kai Blin <kai@samba.org>
|
|
Date: Thu, 7 Jul 2011 10:03:33 +0200
|
|
Subject: [PATCH] s3 swat: Fix possible XSS attack (bug #8289)
|
|
|
|
Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack
|
|
against SWAT, the Samba Web Administration Tool. The attack uses reflection to
|
|
insert arbitrary content into the "change password" page.
|
|
|
|
This patch fixes the reflection issue by not printing user-specified content on
|
|
the website anymore.
|
|
|
|
Signed-off-by: Kai Blin <kai@samba.org>
|
|
|
|
CVE-2011-2694.
|
|
---
|
|
source/web/swat.c | 14 ++------------
|
|
1 files changed, 2 insertions(+), 12 deletions(-)
|
|
|
|
diff --git a/source/web/swat.c b/source/web/swat.c
|
|
index 9c7294a..434b1ac 100644
|
|
--- a/source/web/swat.c
|
|
+++ b/source/web/swat.c
|
|
@@ -1120,11 +1120,9 @@ static void chg_passwd(void)
|
|
if(cgi_variable(CHG_S_PASSWD_FLAG)) {
|
|
printf("<p>");
|
|
if (rslt == True) {
|
|
- printf(_(" The passwd for '%s' has been changed."), cgi_variable_nonull(SWAT_USER));
|
|
- printf("\n");
|
|
+ printf("%s\n", _(" The passwd has been changed."));
|
|
} else {
|
|
- printf(_(" The passwd for '%s' has NOT been changed."), cgi_variable_nonull(SWAT_USER));
|
|
- printf("\n");
|
|
+ printf("%s\n", _(" The passwd has NOT been changed."));
|
|
}
|
|
}
|
|
|
|
@@ -1138,14 +1136,6 @@ static void passwd_page(void)
|
|
{
|
|
const char *new_name = cgi_user_name();
|
|
|
|
- /*
|
|
- * After the first time through here be nice. If the user
|
|
- * changed the User box text to another users name, remember it.
|
|
- */
|
|
- if (cgi_variable(SWAT_USER)) {
|
|
- new_name = cgi_variable_nonull(SWAT_USER);
|
|
- }
|
|
-
|
|
if (!new_name) new_name = "";
|
|
|
|
printf("<H2>%s</H2>\n", _("Server Password Management"));
|
|
--
|
|
1.7.1
|
|
|