CVE Vulnerabilities

CVE-2004-0082

Published: Mar 03, 2004 | Modified: Oct 30, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.

Affected Software

Name Vendor Start Version End Version
Samba Samba 3.0.0 (including) 3.0.0 (including)
Samba Samba 3.0.1 (including) 3.0.1 (including)
Red Hat Enterprise Linux 3 RedHat samba-0:3.0.2-6.3E *

References