CVE-2011-2522: CSRF
First published: Thu Jul 14 2011(Updated: )
It was found that the different user screens (HTML forms) of the Samba Web Administration Tool suite were missing protection against cross-site request forgery (CSRF) attacks. A remote attacker could provide a specially-crafted URL, which once visited by an authenticated Samba SWAT user could lead to unauthorized commands execution with the privileges of that user (for example shut down or start the samba daemons, add or remove shares, printers, user accounts if the victim authenticated as privileged user to Samba SWAT). Upstream bug report: [1] <a href="https://bugzilla.samba.org/show_bug.cgi?id=8290">https://bugzilla.samba.org/show_bug.cgi?id=8290</a> (not public yet) Acknowledgements: Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/samba | <3.5.10 | 3.5.10 |
| Samba | >=3.0.0<3.3.16 | |
| Samba | >=3.4.0<3.4.14 | |
| Samba | >=3.5.0<3.5.10 | |
| Debian Debian Linux | =5.0 | |
| Debian Debian Linux | =7.0 | |
| Debian Debian Linux | =6.0 | |
| Ubuntu Linux | =10.10 | |
| Ubuntu Linux | =11.04 | |
| Ubuntu Linux | =8.04 | |
| Ubuntu Linux | =10.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=721348
- http://samba.org/samba/history/samba-3.5.10.html
- http://www.samba.org/samba/security/CVE-2011-2522
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:121
- http://jvn.jp/en/jp/JVN29529126/index.html
- http://www.securityfocus.com/bid/48899
- http://www.exploit-db.com/exploits/17577
- http://securitytracker.com/id?1025852
- http://secunia.com/advisories/45393
- https://bugzilla.samba.org/show_bug.cgi?id=8290
- http://osvdb.org/74071
- http://secunia.com/advisories/45496
- http://secunia.com/advisories/45488
- http://www.debian.org/security/2011/dsa-2290
- http://ubuntu.com/usn/usn-1182-1
- http://securityreason.com/securityalert/8317
- http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68843
- http://marc.info/?l=bugtraq&m=133527864025056&w=2
- http://www.samba.org/samba/ftp/patches/security/samba-3.5.9-CVE-2011-2522.patch
- http://www.samba.org/samba/ftp/patches/security/samba-3.4.13-CVE-2011-2522.patch
- http://www.samba.org/samba/ftp/patches/security/samba-3.3.15-CVE-2011-2522.patch
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=725890
- https://rhn.redhat.com/errata/RHSA-2011-1220.html
- https://rhn.redhat.com/errata/RHSA-2011-1219.html
- https://rhn.redhat.com/errata/RHSA-2011-1221.html
- agent/remedy
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/description
- agent/severity
- agent/author
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-2522
- agent/software-canonical-lookup
- agent/trending
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- package-manager/redhat
- vendor/samba
- canonical/samba
- version/samba/3.0.0
- version/samba/3.4.0
- version/samba/3.5.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/5.0
- version/debian debian linux/7.0
- version/debian debian linux/6.0
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/10.10
- version/ubuntu linux/11.04
- version/ubuntu linux/8.04
- version/ubuntu linux/10.04