| ID |
CVE-2004-0082
|
| Summary |
The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 7.5 (as of 30-10-2018 - 16:25) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| oval
via4
|
| accepted | 2010-09-20T04:00:38.639-04:00 | | class | vulnerability | | contributors | | name | Jay Beale | | organization | Bastille Linux |
| name | Matt Busby | | organization | The MITRE Corporation |
| name | Thomas R. Jones | | organization | Maitreya Security |
| name | Jonathan Baker | | organization | The MITRE Corporation |
| | description | The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password. | | family | unix | | id | oval:org.mitre.oval:def:827 | | status | accepted | | submitted | 2004-03-20T12:00:00.000-04:00 | | title | Samba mksmboasswd Disabled Account Creation Vulnerability | | version | 41 |
|
| redhat
via4
|
| advisories | | | rpms | - samba-0:3.0.2-6.3E
- samba-client-0:3.0.2-6.3E
- samba-common-0:3.0.2-6.3E
- samba-swat-0:3.0.2-6.3E
|
|
| refmap
via4
|
| bid | 9637 | | ciac | O-078 | | confirm | | | osvdb | 3919 | | xf | samba-mksmbpasswd-gain-access(15132) |
|
| Last major update |
30-10-2018 - 16:25 |
| Published |
03-03-2004 - 05:00 |
| Last modified |
30-10-2018 - 16:25 |
