PT-2011-1099 · Samba Team · Samba
Yoshihiro Ishikawa · Published 2011-07-29 · Updated 2024-06-15 · CVE-2011-2522
CVSS v2.0: 6.8 (Medium)
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Samba version 3.5.6
Samba versions prior to 3.5.10
cifs-utils version 4.8.1
Description
The issue concerns multiple vulnerabilities in the Samba software package, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, the Samba Web Administration Tool (SWAT) in Samba 3.x is affected by multiple cross-site request forgery (CSRF) vulnerabilities, allowing remote attackers to hijack the authentication of administrators for various requests, such as shutting down daemons, starting daemons, adding shares, removing shares, adding printers, removing printers, adding user accounts, or removing user accounts.
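The following is an added example and not code from Samba or from this advisory: a small model of a SWAT-style administrative form handler (the "remove share" action named above), first in its pre-fix form that honours any authenticated POST regardless of where the browser was sent from, then hardened with a per-session synchronizer token and an Origin check. All names, the request layout and the origin value are hypothetical.

```python
# Added example (not Samba's code): a SWAT-style state-changing handler,
# vulnerable to CSRF and then hardened. Names and layout are hypothetical.
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

SITE_ORIGIN = "http://swat.example.internal:901"   # constructed value


@dataclass
class Session:
    user: str
    # Secret bound to the session; a third-party page cannot read it.
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))


@dataclass
class Request:
    session: Session            # the browser attaches the auth cookie automatically
    form: dict                  # POST body, e.g. {"action": "remove_share", "share": "docs"}
    origin: Optional[str] = None  # Origin header, None when the browser sends none


def handle_vulnerable(req: Request, shares: set) -> bool:
    """Pre-fix behaviour: any authenticated POST is executed, wherever it came from."""
    if req.form.get("action") == "remove_share":
        shares.discard(req.form["share"])
        return True
    return False


def handle_hardened(req: Request, shares: set) -> bool:
    """Fixed behaviour: require the session's secret token and a same-origin request."""
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token, req.session.csrf_token):
        return False            # token missing or wrong: treat as a forged cross-site request
    if req.origin is not None and req.origin != SITE_ORIGIN:
        return False            # browser reported a foreign origin
    if req.form.get("action") == "remove_share":
        shares.discard(req.form["share"])
        return True
    return False
```

The token must be unpredictable and tied to the session so that a page on another origin cannot obtain or guess it; the Origin check is a second, independent signal and not a substitute for the token.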
Recommendations
For Samba version 3.5.6, consider updating to a version prior to 3.5.10 to mitigate the risk.
For cifs-utils version 4.8.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
As a temporary workaround, consider restricting access to the Samba Web Administration Tool (SWAT) to minimize the risk of exploitation.
Avoid using the Samba software package until the issue is resolved.
Exploit: CSRF, RCE
Affected Products: Red Hat, Samba, Cifs-Utils