summaryrefslogtreecommitdiffstats
path: root/package/samba/samba-00CVE-2011-2694.patch
diff options
context:
space:
mode:
Diffstat (limited to 'package/samba/samba-00CVE-2011-2694.patch')
-rw-r--r--package/samba/samba-00CVE-2011-2694.patch55
1 files changed, 55 insertions, 0 deletions
diff --git a/package/samba/samba-00CVE-2011-2694.patch b/package/samba/samba-00CVE-2011-2694.patch
new file mode 100644
index 000000000..167accfad
--- /dev/null
+++ b/package/samba/samba-00CVE-2011-2694.patch
@@ -0,0 +1,55 @@
+From d401ccaedaec09ad6900ec24ecaf205bed3e3ac1 Mon Sep 17 00:00:00 2001
+From: Kai Blin <kai@samba.org>
+Date: Thu, 7 Jul 2011 10:03:33 +0200
+Subject: [PATCH] s3 swat: Fix possible XSS attack (bug #8289)
+
+Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack
+against SWAT, the Samba Web Administration Tool. The attack uses reflection to
+insert arbitrary content into the "change password" page.
+
+This patch fixes the reflection issue by not printing user-specified content on
+the website anymore.
+
+Signed-off-by: Kai Blin <kai@samba.org>
+
+CVE-2011-2694.
+---
+ source/web/swat.c | 14 ++------------
+ 1 files changed, 2 insertions(+), 12 deletions(-)
+
+diff --git a/source/web/swat.c b/source/web/swat.c
+index 9c7294a..434b1ac 100644
+--- a/source/web/swat.c
++++ b/source/web/swat.c
+@@ -1120,11 +1120,9 @@ static void chg_passwd(void)
+ if(cgi_variable(CHG_S_PASSWD_FLAG)) {
+ printf("<p>");
+ if (rslt == True) {
+- printf(_(" The passwd for '%s' has been changed."), cgi_variable_nonull(SWAT_USER));
+- printf("\n");
++ printf("%s\n", _(" The passwd has been changed."));
+ } else {
+- printf(_(" The passwd for '%s' has NOT been changed."), cgi_variable_nonull(SWAT_USER));
+- printf("\n");
++ printf("%s\n", _(" The passwd has NOT been changed."));
+ }
+ }
+
+@@ -1138,14 +1136,6 @@ static void passwd_page(void)
+ {
+ const char *new_name = cgi_user_name();
+
+- /*
+- * After the first time through here be nice. If the user
+- * changed the User box text to another users name, remember it.
+- */
+- if (cgi_variable(SWAT_USER)) {
+- new_name = cgi_variable_nonull(SWAT_USER);
+- }
+-
+ if (!new_name) new_name = "";
+
+ printf("<H2>%s</H2>\n", _("Server Password Management"));
+--
+1.7.1
+