diff options
author | Gustavo Zacarias <gustavo@zacarias.com.ar> | 2011-07-28 17:14:03 -0300 |
---|---|---|
committer | Peter Korsgaard <jacmet@sunsite.dk> | 2011-08-04 21:37:38 +0200 |
commit | ced6c9df4328eea1c10bba11be8c02debe499ec4 (patch) | |
tree | b08a13b4ab1f26c1b340ca4d95edac21e9167ab9 /package/samba/samba-00CVE-2011-2694.patch | |
parent | b4d1882f7e74d448abe37c5a57d9bf39f05e46b2 (diff) | |
download | buildroot-novena-ced6c9df4328eea1c10bba11be8c02debe499ec4.tar.gz buildroot-novena-ced6c9df4328eea1c10bba11be8c02debe499ec4.zip |
samba: bump to version 3.3.15
Bump samba to version 3.3.15 and add security patches for CVE-2011-2522
and CVE-2011-2694.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Diffstat (limited to 'package/samba/samba-00CVE-2011-2694.patch')
-rw-r--r-- | package/samba/samba-00CVE-2011-2694.patch | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/package/samba/samba-00CVE-2011-2694.patch b/package/samba/samba-00CVE-2011-2694.patch new file mode 100644 index 000000000..167accfad --- /dev/null +++ b/package/samba/samba-00CVE-2011-2694.patch @@ -0,0 +1,55 @@ +From d401ccaedaec09ad6900ec24ecaf205bed3e3ac1 Mon Sep 17 00:00:00 2001 +From: Kai Blin <kai@samba.org> +Date: Thu, 7 Jul 2011 10:03:33 +0200 +Subject: [PATCH] s3 swat: Fix possible XSS attack (bug #8289) + +Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack +against SWAT, the Samba Web Administration Tool. The attack uses reflection to +insert arbitrary content into the "change password" page. + +This patch fixes the reflection issue by not printing user-specified content on +the website anymore. + +Signed-off-by: Kai Blin <kai@samba.org> + +CVE-2011-2694. +--- + source/web/swat.c | 14 ++------------ + 1 files changed, 2 insertions(+), 12 deletions(-) + +diff --git a/source/web/swat.c b/source/web/swat.c +index 9c7294a..434b1ac 100644 +--- a/source/web/swat.c ++++ b/source/web/swat.c +@@ -1120,11 +1120,9 @@ static void chg_passwd(void) + if(cgi_variable(CHG_S_PASSWD_FLAG)) { + printf("<p>"); + if (rslt == True) { +- printf(_(" The passwd for '%s' has been changed."), cgi_variable_nonull(SWAT_USER)); +- printf("\n"); ++ printf("%s\n", _(" The passwd has been changed.")); + } else { +- printf(_(" The passwd for '%s' has NOT been changed."), cgi_variable_nonull(SWAT_USER)); +- printf("\n"); ++ printf("%s\n", _(" The passwd has NOT been changed.")); + } + } + +@@ -1138,14 +1136,6 @@ static void passwd_page(void) + { + const char *new_name = cgi_user_name(); + +- /* +- * After the first time through here be nice. If the user +- * changed the User box text to another users name, remember it. +- */ +- if (cgi_variable(SWAT_USER)) { +- new_name = cgi_variable_nonull(SWAT_USER); +- } +- + if (!new_name) new_name = ""; + + printf("<H2>%s</H2>\n", _("Server Password Management")); +-- +1.7.1 + |