Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions.
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Samba | Samba | 3.6.0 (including) | 3.6.0 (including) |
Samba | Samba | 3.6.1 (including) | 3.6.1 (including) |
Samba | Samba | 3.6.2 (including) | 3.6.2 (including) |
Samba | Samba | 3.6.3 (including) | 3.6.3 (including) |
Samba | Samba | 3.6.4 (including) | 3.6.4 (including) |
Samba | Samba | 3.6.5 (including) | 3.6.5 (including) |
Samba | Samba | 3.6.6 (including) | 3.6.6 (including) |
Samba | Samba | 3.6.7 (including) | 3.6.7 (including) |
Samba | Samba | 3.6.8 (including) | 3.6.8 (including) |
Samba | Samba | 3.6.9 (including) | 3.6.9 (including) |
Samba | Samba | 3.6.10 (including) | 3.6.10 (including) |
Samba | Samba | 3.6.11 (including) | 3.6.11 (including) |
Red Hat Enterprise Linux 5 | RedHat | samba3x-0:3.6.6-0.136.el5 | * |
Red Hat Enterprise Linux 5 | RedHat | samba-0:3.0.33-3.40.el5_10 | * |
Red Hat Enterprise Linux 6 | RedHat | samba-0:3.6.9-164.el6 | * |
Samba | Ubuntu | hardy | * |
Samba | Ubuntu | lucid | * |
Samba | Ubuntu | oneiric | * |
Samba | Ubuntu | precise | * |
Samba | Ubuntu | quantal | * |
Samba | Ubuntu | upstream | * |
Samba4 | Ubuntu | lucid | * |
Samba4 | Ubuntu | oneiric | * |
Samba4 | Ubuntu | precise | * |
Samba4 | Ubuntu | quantal | * |
Samba4 | Ubuntu | raring | * |