MDVSA-2011:121 -- Mandriva sambaID: oval:org.secpod.oval:def:301045 | Date: (C)2012-01-07 (M)2023-11-09 |
Class: PATCH | Family: unix |
Multiple vulnerabilities has been discovered and corrected in samba: All current released versions of Samba are vulnerable to a cross-site request forgery in the Samba Web Administration Tool . By tricking a user who is authenticated with SWAT into clicking a manipulated URL on a different web page, it is possible to manipulate SWAT . All current released versions of Samba are vulnerable to a cross-site scripting issue in the Samba Web Administration Tool . On the Change Password field, it is possible to insert arbitrary content into the user field . Packages for 2009.0 are provided as of the Extended Maintenance Program
Platform: |
Mandriva Linux 2010.1 |
Mandriva Linux 2009.0 |