CVE-2011-2522

2011-07-2800:00:00

ubuntu.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.3%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web
Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote
attackers to hijack the authentication of administrators for requests that
(1) shut down daemons, (2) start daemons, (3) add shares, (4) remove
shares, (5) add printers, (6) remove printers, (7) add user accounts, or
(8) remove user accounts, as demonstrated by certain start, stop, and
restart parameters to the status program.

Bugs

<https://bugzilla.samba.org/show_bug.cgi?id=8290>

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchsamba< 3.0.28a-1ubuntu4.15UNKNOWN
ubuntu10.04noarchsamba< 2:3.4.7~dfsg-1ubuntu3.7UNKNOWN
ubuntu10.10noarchsamba< 2:3.5.4~dfsg-1ubuntu8.5UNKNOWN
ubuntu11.04noarchsamba< 2:3.5.8~dfsg-1ubuntu2.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	samba	< 3.0.28a-1ubuntu4.15	UNKNOWN
ubuntu	10.04	noarch	samba	< 2:3.4.7~dfsg-1ubuntu3.7	UNKNOWN
ubuntu	10.10	noarch	samba	< 2:3.5.4~dfsg-1ubuntu8.5	UNKNOWN
ubuntu	11.04	noarch	samba	< 2:3.5.8~dfsg-1ubuntu2.3	UNKNOWN