Bug 721348 (CVE-2011-2522) - CVE-2011-2522 samba (SWAT): Absent CSRF protection in various Samba web configuration formulars
Summary: CVE-2011-2522 samba (SWAT): Absent CSRF protection in various Samba web confi...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-2522
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: Embargoed722551 Embargoed722552 Embargoed722553 Embargoed722555 Embargoed722556 Embargoed722560 Embargoed722561 725890
Blocks: Embargoed721358
TreeView+ depends on / blocked
 
Reported: 2011-07-14 10:54 UTC by Jan Lieskovsky
Modified: 2023-05-11 17:51 UTC (History)
10 users (show)

Fixed In Version: samba 3.5.10
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-08-30 07:22:29 UTC

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1219 0 normal SHIPPED_LIVE Moderate: samba security update 2011-08-29 17:27:40 UTC
Red Hat Product Errata RHSA-2011:1220 0 normal SHIPPED_LIVE Moderate: samba3x security update 2011-08-29 17:27:16 UTC
Red Hat Product Errata RHSA-2011:1221 0 normal SHIPPED_LIVE Moderate: samba and cifs-utils security and bug fix update 2011-08-29 17:38:17 UTC

Description Jan Lieskovsky 2011-07-14 10:54:36 UTC 
It was found that the different user screens (HTML forms) of the Samba Web Administration Tool suite were missing protection against cross-site request forgery (CSRF) attacks. A remote attacker could provide a specially-crafted URL, which once visited by an authenticated Samba SWAT user could lead to unauthorized commands execution with the privileges of that user (for example shut down or start the samba daemons, add or remove shares, printers, user accounts if the victim authenticated as privileged user to Samba SWAT).

Upstream bug report:
[1] https://bugzilla.samba.org/show_bug.cgi?id=8290 (not public yet)

Acknowledgements:

Red Hat would like to thank the Samba project for reporting this issue.
Upstream acknowledges Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter.
Comment 2 Jan Lieskovsky 2011-07-14 11:04:56 UTC 
This issue affects the versions of the samba package, as shipped with Red Hat Enterprise Linux 4, 5, and 6.

--

This issue affects the version of the samba3x package, as shipped with Red Hat Enterprise Linux 5.

--

This issue does NOT affect the version of the samba4 package, as shipped with
Red Hat Enterprise Linux 6.

--

This issue affects the versions of the samba package, as shipped with Fedora release of 14 and 15.
Comment 14 Vincent Danen 2011-07-26 20:54:35 UTC 
This is now public:

http://www.samba.org/samba/security/CVE-2011-2522

Upstream samba 3.5.10 corrects this flaw with the following patches:

http://www.samba.org/samba/ftp/patches/security/samba-3.5.9-CVE-2011-2522.patch
http://www.samba.org/samba/ftp/patches/security/samba-3.4.13-CVE-2011-2522.patch
http://www.samba.org/samba/ftp/patches/security/samba-3.3.15-CVE-2011-2522.patch
Comment 15 Vincent Danen 2011-07-26 21:08:38 UTC 
Created samba tracking bugs for this issue

Affects: fedora-all [bug 725890]
Comment 16 errata-xmlrpc 2011-08-29 17:27:23 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2011:1220 https://rhn.redhat.com/errata/RHSA-2011-1220.html
Comment 17 errata-xmlrpc 2011-08-29 17:27:47 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2011:1219 https://rhn.redhat.com/errata/RHSA-2011-1219.html
Comment 18 errata-xmlrpc 2011-08-29 17:38:23 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:1221 https://rhn.redhat.com/errata/RHSA-2011-1221.html
Note You need to log in before you can comment on or make changes to this bug.