CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |

AI Score confidence: High

EPSS percentile: 81.6%

Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.
Vendor | Product | Version | CPE |
---|---|---|---|
samba | samba | * | cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* |
debian | debian_linux | 5.0 | cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* |
debian | debian_linux | 6.0 | cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* |
debian | debian_linux | 7.0 | cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* |
canonical | ubuntu_linux | 8.04 | cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* |
canonical | ubuntu_linux | 10.04 | cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* |
canonical | ubuntu_linux | 10.10 | cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:* |
canonical | ubuntu_linux | 11.04 | cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:* |
jvn.jp/en/jp/JVN29529126/index.html
marc.info/?l=bugtraq&m=133527864025056&w=2
osvdb.org/74071
samba.org/samba/history/samba-3.5.10.html
secunia.com/advisories/45393
secunia.com/advisories/45488
secunia.com/advisories/45496
securityreason.com/securityalert/8317
securitytracker.com/id?1025852
ubuntu.com/usn/usn-1182-1
www.debian.org/security/2011/dsa-2290
www.exploit-db.com/exploits/17577
www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543
www.mandriva.com/security/advisories?name=MDVSA-2011:121
www.samba.org/samba/security/CVE-2011-2522
www.securityfocus.com/bid/48899
bugzilla.redhat.com/show_bug.cgi?id=721348
bugzilla.samba.org/show_bug.cgi?id=8290
exchange.xforce.ibmcloud.com/vulnerabilities/68843