CVE-2011-2522

CVSS V2 Medium 6.8 CVSS V3 None
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.
Overview
  • CVE ID
  • CVE-2011-2522
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2011-07-29T20:55:02
  • Last Modified Date
  • 2022-08-29T20:20:24
Weakness Enumerations
CWE URL
CWE-352 http://cwe.mitre.org/data/definitions/352.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* 1 OR 3.0.0 3.3.16
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* 1 OR 3.4.0 3.4.14
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* 1 OR 3.5.0 3.5.10
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:P/I:P/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 6.8
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 6.4
References
Reference URL Reference Tags
https://bugzilla.redhat.com/show_bug.cgi?id=721348 Patch
http://samba.org/samba/history/samba-3.5.10.html
http://www.samba.org/samba/security/CVE-2011-2522 Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:121
http://jvn.jp/en/jp/JVN29529126/index.html
http://www.securityfocus.com/bid/48899
http://www.exploit-db.com/exploits/17577 Exploit
http://securitytracker.com/id?1025852
http://secunia.com/advisories/45393 Vendor Advisory
https://bugzilla.samba.org/show_bug.cgi?id=8290 Patch
http://osvdb.org/74071
http://secunia.com/advisories/45496
http://secunia.com/advisories/45488
http://www.debian.org/security/2011/dsa-2290
http://ubuntu.com/usn/usn-1182-1
http://securityreason.com/securityalert/8317
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543
https://exchange.xforce.ibmcloud.com/vulnerabilities/68843
http://marc.info/?l=bugtraq&m=133527864025056&w=2
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2011-2522
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522
History
Created Old Value New Value Data Type Notes
2022-05-10 18:00:20 Added to TrackCVE