Vulnerability Name: | CVE-2004-0082 (CCN-15132)
Assigned: | 2004-02-09
Published: | 2004-02-09
Updated: | 2018-10-30
Summary: | The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Gain Access
References: |
Source: MITRE Type: CNA CVE-2004-0082
Source: CCN Type: RHSA-2004-064 samba security update
Source: CONFIRM Type: UNKNOWN http://us1.samba.org/samba/ftp/WHATSNEW-3.0.2a.txt
Source: CCN Type: Samba Web site Download
Source: CCN Type: CIAC Information Bulletin O-078 Samba - Unauthorized Access to SMB Accounts
Source: CIAC Type: UNKNOWN O-078
Source: OSVDB Type: UNKNOWN 3919
Source: CCN Type: OSVDB ID: 3919 Samba mksmbpasswd.sh Uninitialized Passwords
Source: REDHAT Type: Patch, Vendor Advisory RHSA-2004:064
Source: BID Type: Patch, Vendor Advisory 9637
Source: CCN Type: BID-9637 Samba Mksmbpasswd.sh Insecure User Account Creation Vulnerability
Source: CONFIRM Type: UNKNOWN http://www.vuxml.org/freebsd/3388eff9-5d6e-11d8-80e3-0020ed76ef5a.html
Source: XF Type: UNKNOWN samba-mksmbpasswd-gain-access(15132)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:827
Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration CCN 1: Denotes that component is vulnerable