Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2011-2522
Last Modified 03 Oct 2011 10:51:25
Published 29 Jul 2011 04:55:02
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-2522

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.

Vulnerable Systems

Application

  • Samba 3.0

  • Samba 3.0.0

  • Samba 3.0.1

  • Samba 3.0.10

  • Samba 3.0.11

  • Samba 3.0.12

  • Samba 3.0.13

  • Samba 3.0.14

  • Samba 3.0.14a

  • Samba 3.0.15

  • Samba 3.0.16

  • Samba 3.0.17

  • Samba 3.0.18

  • Samba 3.0.19

  • Samba 3.0.2

  • Samba 3.0.20

  • Samba 3.0.20a

  • Samba 3.0.20b

  • Samba 3.0.21

  • Samba 3.0.21a

  • Samba 3.0.21b

  • Samba 3.0.21c

  • Samba 3.0.22

  • Samba 3.0.23

  • Samba 3.0.23a

  • Samba 3.0.23b

  • Samba 3.0.23c

  • Samba 3.0.23d

  • Samba 3.0.24

  • Samba 3.0.25

  • Samba 3.0.25a

  • Samba 3.0.25b

  • Samba 3.0.25c

  • Samba 3.0.26

  • Samba 3.0.26a

  • Samba 3.0.27

  • Samba 3.0.28

  • Samba 3.0.29

  • Samba 3.0.2a

  • Samba 3.0.3

  • Samba 3.0.30

  • Samba 3.0.31

  • Samba 3.0.32

  • Samba 3.0.33

  • Samba 3.0.34

  • Samba 3.0.35

  • Samba 3.0.36

  • Samba 3.0.37

  • Samba 3.0.4

  • Samba 3.0.5

  • Samba 3.0.6

  • Samba 3.0.7

  • Samba 3.0.8

  • Samba 3.0.9

  • Samba 3.1

  • Samba 3.2.0

  • Samba 3.2.1

  • Samba 3.2.10

  • Samba 3.2.11

  • Samba 3.2.12

  • Samba 3.2.13

  • Samba 3.2.14

  • Samba 3.2.15

  • Samba 3.2.2

  • Samba 3.2.3

  • Samba 3.2.4

  • Samba 3.2.5

  • Samba 3.2.6

  • Samba 3.2.7

  • Samba 3.2.8

  • Samba 3.2.9

  • Samba 3.3.0

  • Samba 3.3.1

  • Samba 3.3.10

  • Samba 3.3.11

  • Samba 3.3.12

  • Samba 3.3.2

  • Samba 3.3.3

  • Samba 3.3.4

  • Samba 3.3.5

  • Samba 3.3.6

  • Samba 3.3.7

  • Samba 3.3.8

  • Samba 3.3.9

  • Samba 3.4.0

  • Samba 3.4.1

  • Samba 3.4.2

  • Samba 3.4.3

  • Samba 3.4.4

  • Samba 3.4.5

  • Samba 3.4.6

  • Samba 3.4.7

  • Samba 3.5.0

  • Samba 3.5.1

  • Samba 3.5.2

  • Samba 3.5.3

  • Samba 3.5.4

  • Samba 3.5.5

  • Samba 3.5.6

  • Samba 3.5.7

  • Samba 3.5.8

  • Samba 3.5.9


References

CONFIRM - https://bugzilla.samba.org/show_bug.cgi?id=8290

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=721348

XF - samba-swat-csrf(68843)

BID - 48899

CONFIRM - http://www.samba.org/samba/security/CVE-2011-2522

MANDRIVA - MDVSA-2011:121

HP - HPSBNS02701

HP - SSRT100598

EXPLOIT-DB - 17577

DEBIAN - DSA-2290

UBUNTU - USN-1182-1

SECTRACK - 1025852

SREASON - 8317

SECUNIA - 45496

SECUNIA - 45488

SECUNIA - 45393

CONFIRM - http://samba.org/samba/history/samba-3.5.10.html

OSVDB - 74071

JVN - JVN#29529126

Related Patches

Novell SUSE 2011:5000 cifs-mount security update for SLE 11 SP1 i586

Novell SUSE 2011:7671 cifs-mount security update for SLE 10 SP4 i586


Last Updated: 27 May 2016 10:57:02