CVE-2011-2522
Published: 2011-07-29
Priority: P3 · 40 · medium · CVSS 2.0: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 10.05% (95.0th percentile)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.
Affected (15 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | samba | < samba 2:3.5.10~dfsg-1 (bookworm) | samba 2:3.5.10~dfsg-1 (bookworm) |
| samba | samba | >= 0 < 2:3.5.10~dfsg-1 | 2:3.5.10~dfsg-1 |
| samba | samba | >= 0 < 2:3.5.10~dfsg-1 | 2:3.5.10~dfsg-1 |
| samba | samba | >= 0 < 2:3.5.10~dfsg-1 | 2:3.5.10~dfsg-1 |
| samba | samba | >= 0 < 2:3.5.10~dfsg-1 | 2:3.5.10~dfsg-1 |
| samba | samba | >= 3.0.0 < 3.3.16 | 3.3.16 |
| samba | samba | >= 3.4.0 < 3.4.14 | 3.4.14 |
| samba | samba | >= 3.5.0 < 3.5.10 | 3.5.10 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 6.8 | MEDIUM | — |
| vendor_debian | — | 6.8 | LOW | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |
| vendor_ubuntu | — | 6.8 | MEDIUM | — |
GHSA
GHSA-5cxg-6999-xfwq: Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3
ghsa_unreviewed · 2022-05-14 · CVE-2011-2522 [MEDIUM] · CWE-352
OSV
CVE-2011-2522: Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3
osv · 2011-07-29 · CVSS 6.8 · CVE-2011-2522 [MEDIUM]
Ubuntu
Samba vulnerabilities
vendor_ubuntu · 2011-08-02 · CVSS 6.8 · CVE-2011-2522 [MEDIUM]
Summary: An attacker could use a malicious URL to reconfigure Samba or steal information.

Yoshihiro Ishikawa discovered that the Samba Web Administration Tool (SWAT) was vulnerable to cross-site request forgeries (CSRF). If a Samba administrator were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands that could modify the Samba configuration. (CVE-2011-2522)

Nobuhiro Tsuji discovered that the Samba Web Administration Tool (SWAT) did not properly sanitize its input when processing password change requests, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could expl
Red Hat
(SWAT): Absent CSRF protection in various Samba web configuration formulars
vendor_redhat · 2011-07-26 · CVSS 6.8 · CVE-2011-2522 [MEDIUM] · CWE-352
Package: samba4 (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2011-2522: samba - Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Admi...
vendor_debian · 2011 · CVSS 6.8 · CVE-2011-2522 [MEDIUM]
Scope: local
bookworm: resolved (fixed in 2:3.5.10~dfsg-1)
bullseye: resolved (fixed in 2:3.5.10~dfsg-1)
forky: resolved (fixed in 2:3.5.10~dfsg-1)
sid: resolved (fixed in 2:3.5.10~dfsg-1)
trixie: resolved (fixed in 2:3.5.10~dfsg-1)
No detection rules found.
Bugzilla
CVE-2013-0214 samba: cross-site request forgery vulnerability in SWAT
bugzilla · 2013-01-30 · CVSS 6.8 · CVE-2013-0214 [MEDIUM]
It was reported [1] that Samba's SWAT web configuration interface suffered from a potential cross-site request forgery (CSRF) vulnerability.
This is being fixed by using a random nonce stored in secrets.tdb.
[1] https://bugzilla.samba.org/show_bug.cgi?id=9577
Discussion:
Acknowledgements:
Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Jann Horn as the original reporter.
---
This has been corrected in upstream versions 4.0.2, 3.6.12, and 3.5.21.
External References:
http://www.samba.org/samba/history/samba-4.0.2.html
---
Created samba4 tracking bugs for this issue
Affects: fedora-17 [bug 906003]
---
Created samba tracking bugs for this issue
Affects: fedora-al
Bugzilla
CVE-2011-2522 CVE-2011-2694 samba various flaws [fedora-all]
bugzilla · 2011-07-26 · CVSS 6.8 · CVE-2011-2522 [MEDIUM]

This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected Fedora versions.

For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in the "Blocks" field.

For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs

When creating a Bodhi update request, please include the bug IDs of the respective parent bugs filed against the "Security Response" product. Please mention CVE ids in the RPM changelog when available.

Bodhi update submission link: https://admin.fedoraproject.org/updates/new/?type_=security&bugs=721348

Please note: this issue affects multiple supported ver
Bugzilla
CVE-2011-2522 samba (SWAT): Absent CSRF protection in various Samba web configuration formulars
bugzilla · 2011-07-14 · CVSS 6.8 · CVE-2011-2522 [MEDIUM]
It was found that the different user screens (HTML forms) of the Samba Web Administration Tool suite were missing protection against cross-site request forgery (CSRF) attacks. A remote attacker could provide a specially-crafted URL, which once visited by an authenticated Samba SWAT user could lead to unauthorized commands execution with the privileges of that user (for example shut down or start the samba daemons, add or remove shares, printers, user accounts if the victim authenticated as privileged user to Samba SWAT).
Upstream bug report:
[1] https://bugzilla.samba.org/show_bug.cgi?id=8290 (not public yet)
Acknowledgements:
Red Hat would like to thank the Samba project for reporting this
arXiv
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware
arxiv_fulltext · 2022-12-29
## Abstract
Currently, the development of IoT firmware heavily depends on third-party components (TPCs) to improve development efficiency. Nevertheless, TPCs are not secure, and the vulnerabilities in TPCs will influence the security of IoT firmware. Existing works pay less attention to the vulnerabilities caused by TPCs, and we still lack a comprehensive understanding of the security impact of TPC vulnerability against firmware. To fill in the knowledge gap, we design and implement , which leverages syntactical features and control-flow graph features to detect the TPCs in firmware, and then recognizes the corresponding vulnerabilities. Based on , we present the first l
References
http://jvn.jp/en/jp/JVN29529126/index.html
http://marc.info/?l=bugtraq&m=133527864025056&w=2
http://osvdb.org/74071
http://samba.org/samba/history/samba-3.5.10.html
http://secunia.com/advisories/45393
http://secunia.com/advisories/45488
http://secunia.com/advisories/45496
http://securityreason.com/securityalert/8317
http://securitytracker.com/id?1025852
http://ubuntu.com/usn/usn-1182-1
http://www.debian.org/security/2011/dsa-2290
http://www.exploit-db.com/exploits/17577
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543
http://www.mandriva.com/security/advisories?name=MDVSA-2011:121
http://www.samba.org/samba/security/CVE-2011-2522
http://www.securityfocus.com/bid/48899
https://bugzilla.redhat.com/show_bug.cgi?id=721348
https://bugzilla.samba.org/show_bug.cgi?id=8290
https://exchange.xforce.ibmcloud.com/vulnerabilities/68843