Rapid7 Vulnerability & Exploit Database

RHSA-2011:1220: samba3x security update



Samba is a suite of programs used by machines to share files, printers, and other information.

A cross-site scripting (XSS) flaw was found in the password change page of the Samba Web Administration Tool (SWAT). If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's SWAT session. (CVE-2011-2694)

It was found that SWAT web pages did not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged in user. (CVE-2011-2522)

It was found that the fix for CVE-2010-0547, provided by the Samba rebase in RHBA-2011:0054, was incomplete. The mount.cifs tool did not properly handle share or directory names containing a newline character, allowing a local attacker to corrupt the mtab (mounted file systems table) file via a specially-crafted CIFS (Common Internet File System) share mount request, if mount.cifs had the setuid bit set. (CVE-2011-2724)

It was found that the mount.cifs tool did not handle certain errors correctly when updating the mtab file. If mount.cifs had the setuid bit set, a local attacker could corrupt the mtab file by setting a small file size limit before running mount.cifs. (CVE-2011-1678)

Note: mount.cifs from the samba3x packages distributed by Red Hat does not have the setuid bit set. We recommend that administrators do not manually set the setuid bit for mount.cifs.

Red Hat would like to thank the Samba project for reporting CVE-2011-2694 and CVE-2011-2522, and Dan Rosenberg for reporting CVE-2011-1678. Upstream acknowledges Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of CVE-2011-2694, and Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of CVE-2011-2522.

Users of Samba are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the smb service will be restarted automatically.
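The note about the setuid bit can be checked directly on a host. The script below is an added example, not part of the advisory or of Red Hat's or Rapid7's tooling; the function names and the candidate install paths are assumptions.

```shell
#!/bin/sh
# Added example: audit mount.cifs for the setuid bit. Both mtab corruption
# issues in the advisory (CVE-2011-2724, CVE-2011-1678) require it to be set.
# The candidate paths at the bottom are assumptions; adjust for your system.

# is_setuid FILE: succeeds if FILE is a regular file with the setuid bit set.
is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# audit_mount_cifs PATH...: prints one line per binary inspected, plus the
# command that clears the bit where it is set. Paths that do not exist are
# skipped. Returns 1 if any setuid binary was found, 0 otherwise.
audit_mount_cifs() {
    found=0
    for p in "$@"; do
        if is_setuid "$p"; then
            printf 'SETUID  %s\n' "$p"
            printf '        fix: chmod u-s %s\n' "$p"
            found=1
        elif [ -f "$p" ]; then
            printf 'ok      %s\n' "$p"
        fi
    done
    return "$found"
}

# Stand-alone run over common install locations (assumed, not from the advisory).
audit_mount_cifs /sbin/mount.cifs /usr/sbin/mount.cifs /usr/bin/mount.cifs \
    || echo 'mount.cifs is setuid: the mtab corruption issues apply' >&2
```

A non-zero return from `audit_mount_cifs` makes the function usable as a compliance check in configuration management or a scheduled job.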


  • redhat-upgrade-samba3x
  • redhat-upgrade-samba3x-client
  • redhat-upgrade-samba3x-common
  • redhat-upgrade-samba3x-doc
  • redhat-upgrade-samba3x-domainjoin-gui
  • redhat-upgrade-samba3x-swat
  • redhat-upgrade-samba3x-winbind
  • redhat-upgrade-samba3x-winbind-devel
