CVE-2011-2522

Publication date 28 July 2011

Last updated 24 July 2024

Ubuntu priority

Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
samba	11.04 natty	Fixed 2:3.5.8~dfsg-1ubuntu2.3
	10.10 maverick	Fixed 2:3.5.4~dfsg-1ubuntu8.5
	10.04 LTS lucid	Fixed 2:3.4.7~dfsg-1ubuntu3.7
	8.04 LTS hardy	Fixed 3.0.28a-1ubuntu4.15

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
samba	Upstream: http://ftp.samba.org/pub/samba/patches/security/

References

Related Ubuntu Security Notices (USN)

USN-1182-1
Samba vulnerabilities
2 August 2011

CVE-2011-2522

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references