CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
Samba is vulnerable to cross-site request forgery (CSRF). The SWAT web pages did not protect against CSRF attacks. If a remote attacker could trick a user who was logged into the SWAT interface into visiting a specially crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged-in user.
jvn.jp/en/jp/JVN29529126/index.html
marc.info/?l=bugtraq&m=133527864025056&w=2
osvdb.org/74071
samba.org/samba/history/samba-3.5.10.html
secunia.com/advisories/45393
secunia.com/advisories/45488
secunia.com/advisories/45496
securityreason.com/securityalert/8317
securitytracker.com/id?1025852
ubuntu.com/usn/usn-1182-1
www.debian.org/security/2011/dsa-2290
www.exploit-db.com/exploits/17577
www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543
www.mandriva.com/security/advisories?name=MDVSA-2011:121
www.samba.org/samba/security/CVE-2011-2522
www.securityfocus.com/bid/48899
access.redhat.com/errata/RHSA-2011:1219
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=721348
bugzilla.samba.org/show_bug.cgi?id=8290
exchange.xforce.ibmcloud.com/vulnerabilities/68843