The Samba-Bugzilla – Attachment 6685 Details for
Bug 8289
Swat contains a cross-site scripting vulnerability; CVE-2011-2694
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Proposed fix for 3.6
0001-s3-swat-Fix-possible-XSS-attack-bug-8289.patch (text/plain), 1.68 KB, created by
Kai Blin
on 2011-07-12 18:39:33 UTC
(
hide
)
Description:
Proposed fix for 3.6
Filename:
MIME Type:
Creator:
Kai Blin
Created:
2011-07-12 18:39:33 UTC
Size:
1.68 KB
patch
obsolete
>From a1afbca5d80ab57c7e16c1ebb5b294f7da78442e Mon Sep 17 00:00:00 2001 >From: Kai Blin <kai@samba.org> >Date: Thu, 7 Jul 2011 10:03:33 +0200 >Subject: [PATCH 01/13] s3 swat: Fix possible XSS attack (bug #8289) > >Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack >against SWAT, the Samba Web Administration Tool. The attack uses reflection to >insert arbitrary content into the "change password" page. > >This patch fixes the reflection issue by not printing user-specified content on >the website anymore. > >Signed-off-by: Kai Blin <kai@samba.org> >--- > source3/web/swat.c | 14 ++------------ > 1 files changed, 2 insertions(+), 12 deletions(-) > >diff --git a/source3/web/swat.c b/source3/web/swat.c >index d00ead5..08c30c7 100644 >--- a/source3/web/swat.c >+++ b/source3/web/swat.c >@@ -1129,11 +1129,9 @@ static void chg_passwd(void) > if(cgi_variable(CHG_S_PASSWD_FLAG)) { > printf("<p>"); > if (rslt == True) { >- printf(_(" The passwd for '%s' has been changed."), cgi_variable_nonull(SWAT_USER)); >- printf("\n"); >+ printf("%s\n", _(" The passwd has been changed.")); > } else { >- printf(_(" The passwd for '%s' has NOT been changed."), cgi_variable_nonull(SWAT_USER)); >- printf("\n"); >+ printf("%s\n", _(" The passwd for has NOT been changed.")); > } > } > >@@ -1147,14 +1145,6 @@ static void passwd_page(void) > { > const char *new_name = cgi_user_name(); > >- /* >- * After the first time through here be nice. If the user >- * changed the User box text to another users name, remember it. >- */ >- if (cgi_variable(SWAT_USER)) { >- new_name = cgi_variable_nonull(SWAT_USER); >- } >- > if (!new_name) new_name = ""; > > printf("<H2>%s</H2>\n", _("Server Password Management")); >-- >1.7.0.4 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 8289
:
6684
| 6685 |
6686
|
6687
|
6688
|
6694
|
6696