Lucene search

[email protected]CVE-2001-0981

HistoryAug 31, 2001 - 4:00 a.m.

CVE-2001-0981

2001-08-3104:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

hp server

cifs/9000

samba

unix password sync

cve-2001-0981

password change

nvd

7.5 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

58.8%

JSON

HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the “unix password sync” option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user.

CPENameOperatorVersion
hp:cifs-9000_serverhp cifs-9000 serverlea.01.07

CPE	Name	Operator	Version
hp:cifs-9000_server	hp cifs-9000 server	le	a.01.07

References

archives.neohapsis.com/archives/hp/2001-q3/0048.html

exchange.xforce.ibmcloud.com/vulnerabilities/7051

7.5 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

58.8%

JSON