Vulnerability in Samba SWAT tool
A cross-site request forgery vulnerability and a related cross-site scripting vulnerability in the SWAT administration tool of the Samba SMB/CIFS and Windows interoperability software have triggered the release of updates for versions 3.3, 3.4 and 3.5 of the software.
With the request forgery problem, an attacker could trick an authenticated user into clicking a manipulated URL on a different web page and thereby gain control of SWAT. If that user is authenticated as the root user on the system, it is possible, for example, to start or stop the service and to add or remove shares, printers or user accounts. To be vulnerable, the SWAT tool has to be installed and enabled, either as a standalone server or as an Apache CGI plug-in. By default, SWAT is neither installed nor enabled. The cross-site scripting vulnerability only exists while the request forgery problem is unfixed; it allows an attacker to insert arbitrary content into the user field of SWAT's change password pages.
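The two issues described above, modelled as an added example that is not Samba's or SWAT's code: a toy "add share" admin handler that acts on any request carrying the admin's session (the forgery problem, with an unescaped echo of the user-supplied field), next to a hardened version that requires POST plus a per-session, per-form token and escapes the echoed value. The secret key, the token lifetime, the `shares` set and the `xsrf` field name are assumptions of the model.

```python
import hashlib, hmac, html, secrets, time
from urllib.parse import parse_qs

# Assumed for the model (not Samba's code): a per-process secret and a
# five-minute token lifetime. A real deployment would persist the secret.
SECRET_KEY = secrets.token_bytes(32)
TOKEN_TTL = 300

def make_token(session_id, form_name, now=None):
    # Hidden-field token bound to this session, this form and an issue time.
    ts = int(time.time() if now is None else now)
    msg = f"{session_id}:{form_name}:{ts}".encode()
    return f"{ts}:{hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()}"

def check_token(session_id, form_name, token, now=None):
    # Rejects missing, forged, foreign-session, wrong-form and expired tokens.
    try:
        ts_str, mac = token.split(":", 1)
        ts = int(ts_str)
    except (AttributeError, ValueError):
        return False
    cur = int(time.time() if now is None else now)
    if ts > cur or cur - ts > TOKEN_TTL:
        return False
    msg = f"{session_id}:{form_name}:{ts}".encode()
    expected = hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)

def handle_vulnerable(session_id, method, query, shares):
    # Acts on any request carrying the admin's session cookie, so a link on
    # another site that the admin follows (a plain GET) adds the share.
    params = parse_qs(query)
    if params.get("action") == ["add_share"]:
        shares.add(params["name"][0])
        return 200, "added " + params["name"][0]  # unescaped echo of input
    return 200, "ok"

def handle_hardened(session_id, method, query, shares, now=None):
    # State changes need POST plus a valid per-session, per-form token, and
    # echoed input is HTML-escaped so the field cannot inject markup.
    params = parse_qs(query)
    if method != "POST":
        return 405, "state changes must be POSTed"
    if not check_token(session_id, "shares", params.get("xsrf", [None])[0], now):
        return 403, "missing or invalid XSRF token"
    if params.get("action") == ["add_share"]:
        name = params["name"][0]
        shares.add(name)
        return 200, "added " + html.escape(name)
    return 200, "ok"
```

The token is emitted into the form as a hidden field by the page that renders it, so a request built on another site never carries a value that verifies for the victim's session.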
The Samba developers have released updated source code versions of Samba 3.5.10 (release notes), 3.4.14 (release notes) and 3.3.16 (release notes) to address the SWAT issue. The developers also published a third release candidate of Samba 3.6.0, which, according to its release notes, also includes fixes for the SWAT issue.
Samba is licensed under the GPLv3.