Detections
Analytics
CVE-2011-2522medium
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.
References
http://jvn.jp/en/jp/JVN29529126/index.html
http://marc.info/?l=bugtraq&m=133527864025056&w=2
http://samba.org/samba/history/samba-3.5.10.html
https://bugzilla.redhat.com/show_bug.cgi?id=721348
https://bugzilla.samba.org/show_bug.cgi?id=8290
http://secunia.com/advisories/45393
http://secunia.com/advisories/45488
http://secunia.com/advisories/45496
http://securityreason.com/securityalert/8317
http://securitytracker.com/id?1025852
https://exchange.xforce.ibmcloud.com/vulnerabilities/68843
http://ubuntu.com/usn/usn-1182-1
http://www.debian.org/security/2011/dsa-2290
http://www.exploit-db.com/exploits/17577
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543
http://www.mandriva.com/security/advisories?name=MDVSA-2011:121