FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-2522

This CVE name corresponds to:

Entered Topic
2011-08-16 Samba -- cross site scripting and request forgery vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2011-2522 at cve.mitre.org

Details

Type Candidate
Name CVE-2011-2522
Phase Assigned(20110615)

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.

References

Source Reference
EXPLOIT-DB 17577
CONFIRM http://samba.org/samba/history/samba-3.5.10.html
CONFIRM http://www.samba.org/samba/security/CVE-2011-2522
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=721348
CONFIRM https://bugzilla.samba.org/show_bug.cgi?id=8290
DEBIAN DSA-2290
HP HPSBNS02701
HP SSRT100598
MANDRIVA MDVSA-2011:121
UBUNTU USN-1182-1
JVN JVN#29529126
BID 48899
OSVDB 74071
SECTRACK 1025852
SECUNIA 45393
SECUNIA 45488
SECUNIA 45496
SREASON 8317
XF samba-swat-csrf(68843)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.