OpenCVE

Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Redhat	Enterprise Linux
Samba	Samba

Configuration 1 [-]

OR	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:samba:samba::::::::

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:5.0:::::::*
	cpe:2.3:o:debian:debian_linux:6.0:::::::*
	cpe:2.3:o:debian:debian_linux:7.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:11.04:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 4
samba-0:3.0.33-0.34.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2011:1219	2011-08-29T00:00:00Z
Red Hat Enterprise Linux 5
samba-0:3.0.33-3.29.el5_7.4	cpe:/o:redhat:enterprise_linux:5	RHSA-2011:1219	2011-08-29T00:00:00Z
samba3x-0:3.5.4-0.83.el5_7.2	cpe:/o:redhat:enterprise_linux:5	RHSA-2011:1220	2011-08-29T00:00:00Z
Red Hat Enterprise Linux 6
cifs-utils-0:4.8.1-2.el6_1.2	cpe:/o:redhat:enterprise_linux:6	RHSA-2011:1221	2011-08-29T00:00:00Z
samba-0:3.5.6-86.el6_1.4	cpe:/o:redhat:enterprise_linux:6	RHSA-2011:1221	2011-08-29T00:00:00Z

References

Link	Providers
http://jvn.jp/en/jp/JVN29529126/index.html
http://marc.info/?l=bugtraq&m=133527864025056&w=2
http://osvdb.org/74071
http://samba.org/samba/history/samba-3.5.10.html
http://secunia.com/advisories/45393
http://secunia.com/advisories/45488
http://secunia.com/advisories/45496
http://securityreason.com/securityalert/8317
http://securitytracker.com/id?1025852
http://ubuntu.com/usn/usn-1182-1
http://www.debian.org/security/2011/dsa-2290
http://www.exploit-db.com/exploits/17577
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543
http://www.mandriva.com/security/advisories?name=MDVSA-2011:121
http://www.samba.org/samba/security/CVE-2011-2522
http://www.securityfocus.com/bid/48899
https://bugzilla.redhat.com/show_bug.cgi?id=721348
https://bugzilla.samba.org/show_bug.cgi?id=8290
https://exchange.xforce.ibmcloud.com/vulnerabilities/68843
https://nvd.nist.gov/vuln/detail/CVE-2011-2522
https://www.cve.org/CVERecord?id=CVE-2011-2522

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2011-07-29T20:00:00

Updated: 2024-08-06T23:00:34.288Z

Reserved: 2011-06-15T00:00:00

Link: CVE-2011-2522

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-07-29T20:55:02.157

Modified: 2024-11-21T01:28:27.390

Link: CVE-2011-2522

Redhat

Severity : Moderate

Publid Date: 2011-07-26T00:00:00Z

Links: CVE-2011-2522 - Bugzilla

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object