CVE-2011-2522

N/A Unknown
Published: July 29, 2011 Modified: April 29, 2026

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.

References to Advisories, Solutions, and Tools

http://jvn.jp/en/jp/JVN29529126/index.html
Source: secalert@redhat.com
Third Party Advisory
http://marc.info/?l=bugtraq&m=133527864025056&w=2
Source: secalert@redhat.com
Mailing List Third Party Advisory
http://osvdb.org/74071
Source: secalert@redhat.com
Broken Link
http://samba.org/samba/history/samba-3.5.10.html
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/45393
Source: secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/45488
Source: secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/45496
Source: secalert@redhat.com
Third Party Advisory
http://securityreason.com/securityalert/8317
Source: secalert@redhat.com
Third Party Advisory
http://securitytracker.com/id?1025852
Source: secalert@redhat.com
Third Party Advisory VDB Entry
http://ubuntu.com/usn/usn-1182-1
Source: secalert@redhat.com
Third Party Advisory
http://www.debian.org/security/2011/dsa-2290
Source: secalert@redhat.com
Third Party Advisory
http://www.exploit-db.com/exploits/17577
Source: secalert@redhat.com
Exploit Third Party Advisory VDB Entry
http://www.samba.org/samba/security/CVE-2011-2522
Source: secalert@redhat.com
Vendor Advisory
http://www.securityfocus.com/bid/48899
Source: secalert@redhat.com
Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=721348
Source: secalert@redhat.com
Issue Tracking Patch Third Party Advisory
https://bugzilla.samba.org/show_bug.cgi?id=8290
Source: secalert@redhat.com
Issue Tracking Patch Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/68843
Source: secalert@redhat.com
Third Party Advisory VDB Entry
http://jvn.jp/en/jp/JVN29529126/index.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://marc.info/?l=bugtraq&m=133527864025056&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://osvdb.org/74071
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://samba.org/samba/history/samba-3.5.10.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/45393
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/45488
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/45496
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://securityreason.com/securityalert/8317
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://securitytracker.com/id?1025852
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://ubuntu.com/usn/usn-1182-1
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2011/dsa-2290
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.exploit-db.com/exploits/17577
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory VDB Entry
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2011:121
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.samba.org/samba/security/CVE-2011-2522
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/48899
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=721348
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Patch Third Party Advisory
https://bugzilla.samba.org/show_bug.cgi?id=8290
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Patch Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/68843
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry

38 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
10.0%
95th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

debian canonical samba