#VU44865 Cross-site request forgery in Samba - CVE-2011-2522

Cybersecurity Help s.r.o.

Published: 2011-07-29 | Updated: 2021-04-29

Vulnerability identifier: #VU44865

Vulnerability risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2011-2522

CWE-ID: CWE-352

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Samba: 3.0.0 - 3.0.37, 3.1.0, 3.2.0 - 3.2.15, 3.3.0 - 3.3.12, 3.4.0 - 3.4.7, 3.5.0 - 3.5.9

External links
https://jvn.jp/en/jp/JVN29529126/index.html
https://marc.info/?l=bugtraq&m=133527864025056&w=2
https://osvdb.org/74071
https://samba.org/samba/history/samba-3.5.10.html
https://secunia.com/advisories/45393
https://secunia.com/advisories/45488
https://secunia.com/advisories/45496
https://securityreason.com/securityalert/8317
https://securitytracker.com/id?1025852
https://ubuntu.com/usn/usn-1182-1
https://www.debian.org/security/2011/dsa-2290
https://www.exploit-db.com/exploits/17577
https://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543
https://www.mandriva.com/security/advisories?name=MDVSA-2011:121
https://www.samba.org/samba/security/CVE-2011-2522
https://www.securityfocus.com/bid/48899
https://bugzilla.redhat.com/show_bug.cgi?id=721348
https://bugzilla.samba.org/show_bug.cgi?id=8290
https://exchange.xforce.ibmcloud.com/vulnerabilities/68843

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Cross-site request forgery in CIFS Server (Samba)

Slackware Linux update for samba

Multiple vulnerabilities in Samba