Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Narendra Shinde · text · webapps · cgi
https://www.exploit-db.com/exploits/17577
References (19)
Core References
Broken Link vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:121
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/74071
Broken Link vendor-advisory
x_refsource_hp
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543
Mailing List, Third Party Advisory vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=133527864025056&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1025852
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.samba.org/show_bug.cgi?id=8290
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2290
Vendor Advisory x_refsource_confirm
http://www.samba.org/samba/security/CVE-2011-2522
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45393
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45496
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45488
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=721348
Vendor Advisory x_refsource_confirm
http://samba.org/samba/history/samba-3.5.10.html
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/17577
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8317
Third Party Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN29529126/index.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://ubuntu.com/usn/usn-1182-1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/48899
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/68843
Scores
EPSS
0.1820
EPSS Percentile
95.2%
Details
CWE
CWE-352
Status
published
Products (8)
canonical/ubuntu_linux
8.04
canonical/ubuntu_linux
10.04
canonical/ubuntu_linux
10.10
canonical/ubuntu_linux
11.04
debian/debian_linux
5.0
debian/debian_linux
6.0
debian/debian_linux
7.0
samba/samba
3.0.0 - 3.3.16
Published
Jul 29, 2011
Tracked Since
Feb 18, 2026