Cross-site Request Forgery (CSRF) Affecting samba package, versions <2:3.5.10~dfsg-1


Severity

Recommended
low

Based on Debian security rating.

Threat Intelligence

Exploit Maturity
Mature
EPSS
0.79% (83rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Cross-site Request Forgery (CSRF) vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-DEBIAN10-SAMBA-357575
  • published29 Jul 2011
  • disclosed29 Jul 2011

Introduced: 29 Jul 2011

CVE-2011-2522  (opens in a new tab)
CWE-352  (opens in a new tab)

How to fix?

Upgrade Debian:10 samba to version 2:3.5.10~dfsg-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream samba package and not the samba package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.

CVSS Scores

version 3.1