ID CVE-2004-0082
Summary The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.
References
Vulnerable Configurations
  • Samba 3.0.0
    cpe:2.3:a:samba:samba:3.0.0
  • Samba 3.0.1
    cpe:2.3:a:samba:samba:3.0.1
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_3388EFF95D6E11D880E30020ED76EF5A.NASL
    description From the Samba 3.0.2 release notes : Security Announcement: It has been confirmed that previous versions of Samba 3.0 are susceptible to a password initialization bug that could grant an attacker unauthorized access to a user account created by the mksmbpasswd.sh shell script.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 37695
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37695
    title FreeBSD : Samba 3.0.x password initialization bug (3388eff9-5d6e-11d8-80e3-0020ed76ef5a)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_SAMBA_301_2.NASL
    description The following package needs to be updated: samba
    last seen 2016-09-26
    modified 2004-07-06
    plugin id 12611
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12611
    title FreeBSD : Samba 3.0.x password initialization bug (172)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-064.NASL
    description Updated Samba packages that fix a security vulnerability are now available. Samba provides file and printer sharing services to SMB/CIFS clients. The Samba team discovered an issue that affects version 3.0.0 and 3.0.1 of Samba. If an account for a user is created, but marked as disabled using the mksmbpasswd script, it is possible for Samba to overwrite the user's password with the contents of an uninitialized buffer. This might lead to a disabled account becoming enabled with a password that could be guessed by an attacker. Although this is likely to be a low risk issue for most Samba users, we have provided updated packages, which contain a backported patch correcting this issue. Red Hat would like to thank the Samba team for reporting this issue and providing us with a patch. Note: Due to a packaging error in samba-3.0.0-14.3E, the winbind daemon is not automatically restarted when the Samba package is upgraded. After up2date has installed the samba-3.0.2-4.3E packages, you must run '/sbin/service winbind condrestart' as root to restart the winbind daemon.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 12467
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12467
    title RHEL 3 : samba (RHSA-2004:064)
  • NASL family Misc.
    NASL id SAMBA_MKSMBPASSWD.NASL
    description According to its banner, the version of Samba running on the remote host is earlier than 3.0.2. Such versions are shipped with an account creation script (mksmbpasswd.sh) that, when utilized to disable a user account, may overwrite the user's password with the contents of an uninitialized buffer. This could lead to a disabled account becoming re-enabled with an easily guessable password. Note that Nessus has not actually tried to exploit the issue or determine if the issue has been fixed by a backported patch.
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 17722
    published 2011-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17722
    title Samba < 3.0.2 mksmbpasswd.sh Uninitialized Passwords
oval via4
accepted 2010-09-20T04:00:38.639-04:00
class vulnerability
contributors
  • name Jay Beale
    organization Bastille Linux
  • name Matt Busby
    organization The MITRE Corporation
  • name Thomas R. Jones
    organization Maitreya Security
  • name Jonathan Baker
    organization The MITRE Corporation
description The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.
family unix
id oval:org.mitre.oval:def:827
status accepted
submitted 2004-03-20T12:00:00.000-04:00
title Samba mksmboasswd Disabled Account Creation Vulnerability
version 37
redhat via4
advisories
rhsa
id RHSA-2004:064
refmap via4
bid 9637
ciac O-078
confirm
osvdb 3919
xf samba-mksmbpasswd-gain-access(15132)
Last major update 05-09-2008 - 16:37
Published 03-03-2004 - 00:00
Last modified 30-10-2018 - 12:25