CVE-2011-2522

{"id": "CVE-2011-2522", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-07-29T20:55:02.157", "references": [{"url": "http://jvn.jp/en/jp/JVN29529126/index.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=bugtraq&m=133527864025056&w=2", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://osvdb.org/74071", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://samba.org/samba/history/samba-3.5.10.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/45393", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/45488", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/45496", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://securityreason.com/securityalert/8317", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://securitytracker.com/id?1025852", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://ubuntu.com/usn/usn-1182-1", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2011/dsa-2290", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.exploit-db.com/exploits/17577", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:121", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.samba.org/samba/security/CVE-2011-2522", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/48899", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=721348", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.samba.org/show_bug.cgi?id=8290", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68843", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program."}, {"lang": "es", "value": "Varias vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en la herramienta Samba Web Administration (SWAT) en Samba v3.x antes de v3.5.10 permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores para las peticiones que (1) apagan los demonios, (2) inician los demonios, (3) agregan recursos compartidos, (4) quitan recursos compartidos, (5) agregan impresoras, (6) eliminan impresoras (7), agregan cuentas de usuario, o (8) quitan cuentas de usuario, como lo demuestran ciertos par\u00e1metros de inicio, parada, y reinicio del programa de estado."}], "lastModified": "2022-08-29T20:20:24.200", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A7FE6F3-F8CF-46C6-94B8-2717A3BBA803", "versionEndExcluding": "3.3.16", "versionStartIncluding": "3.0.0"}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5559D1ED-F753-4842-9F4A-F78C54817835", "versionEndExcluding": "3.4.14", "versionStartIncluding": "3.4.0"}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7738DB4A-F424-481F-93C0-4C1DEBABAABD", "versionEndExcluding": "3.5.10", "versionStartIncluding": "3.5.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639"}, {"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244"}, {"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}