CVE-2011-2522: CSRF
First published: Thu Jul 14 2011(Updated: )
It was found that the different user screens (HTML forms) of the Samba Web Administration Tool suite were missing protection against cross-site request forgery (CSRF) attacks. A remote attacker could provide a specially-crafted URL, which once visited by an authenticated Samba SWAT user could lead to unauthorized commands execution with the privileges of that user (for example shut down or start the samba daemons, add or remove shares, printers, user accounts if the victim authenticated as privileged user to Samba SWAT). Upstream bug report: [1] <a href="https://bugzilla.samba.org/show_bug.cgi?id=8290">https://bugzilla.samba.org/show_bug.cgi?id=8290</a> (not public yet) Acknowledgements: Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/samba | <3.5.10 | 3.5.10 |
| Samba | >=3.0.0<3.3.16 | |
| Samba | >=3.4.0<3.4.14 | |
| Samba | >=3.5.0<3.5.10 | |
| Debian | =5.0 | |
| Debian | =7.0 | |
| Debian | =6.0 | |
| Ubuntu | =10.10 | |
| Ubuntu | =11.04 | |
| Ubuntu | =8.04 | |
| Ubuntu | =10.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=721348
- http://samba.org/samba/history/samba-3.5.10.html
- http://www.samba.org/samba/security/CVE-2011-2522
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:121
- http://jvn.jp/en/jp/JVN29529126/index.html
- http://www.securityfocus.com/bid/48899
- http://www.exploit-db.com/exploits/17577
- http://securitytracker.com/id?1025852
- http://secunia.com/advisories/45393
- https://bugzilla.samba.org/show_bug.cgi?id=8290
- http://osvdb.org/74071
- http://secunia.com/advisories/45496
- http://secunia.com/advisories/45488
- http://www.debian.org/security/2011/dsa-2290
- http://ubuntu.com/usn/usn-1182-1
- http://securityreason.com/securityalert/8317
- http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68843
- http://marc.info/?l=bugtraq&m=133527864025056&w=2
- http://www.samba.org/samba/ftp/patches/security/samba-3.5.9-CVE-2011-2522.patch
- http://www.samba.org/samba/ftp/patches/security/samba-3.4.13-CVE-2011-2522.patch
- http://www.samba.org/samba/ftp/patches/security/samba-3.3.15-CVE-2011-2522.patch
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=725890
- https://rhn.redhat.com/errata/RHSA-2011-1220.html
- https://rhn.redhat.com/errata/RHSA-2011-1219.html
- https://rhn.redhat.com/errata/RHSA-2011-1221.html
Frequently Asked Questions
What is the severity of CVE-2011-2522?
CVE-2011-2522 is considered a moderate severity vulnerability due to its potential for cross-site request forgery attacks.
How do I fix CVE-2011-2522?
To mitigate CVE-2011-2522, you should upgrade Samba to version 3.5.10 or later.
What types of systems are affected by CVE-2011-2522?
CVE-2011-2522 affects various versions of Samba, particularly those prior to 3.5.10 and specific Debian and Ubuntu versions.
Can CVE-2011-2522 be exploited remotely?
Yes, CVE-2011-2522 can be exploited remotely by an attacker who tricks an authenticated Samba SWAT user into visiting a malicious URL.
What protections are missing in CVE-2011-2522?
CVE-2011-2522 lacks protection against cross-site request forgery (CSRF) attacks in its user interface.
- agent/remedy
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/description
- agent/severity
- agent/author
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-2522
- agent/software-canonical-lookup
- agent/trending
- agent/source
- agent/weakness
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- package-manager/redhat
- vendor/samba
- canonical/samba
- version/samba/3.0.0
- version/samba/3.4.0
- version/samba/3.5.0
- vendor/debian
- canonical/debian
- version/debian/5.0
- version/debian/7.0
- version/debian/6.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/10.10
- version/ubuntu/11.04
- version/ubuntu/8.04
- version/ubuntu/10.04