Lucene search

[email protected]CVE-2004-0082

HistorySep 01, 2004 - 4:00 a.m.

CVE-2004-0082

2004-09-0104:00:00

[email protected]

web.nvd.nist.gov

cve-2004-0082

samba

account security

password vulnerability

nvd

uninitialized buffer

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

84.0%

JSON

The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.

Affected configurations

NVD

Node

sambasambaMatch3.0.0

sambasambaMatch3.0.1

CPENameOperatorVersion
samba:sambasambaeq3.0.0
samba:sambasambaeq3.0.1

CPE	Name	Operator	Version
samba:samba	samba	eq	3.0.0
samba:samba	samba	eq	3.0.1

References

us1.samba.org/samba/ftp/WHATSNEW-3.0.2a.txt

www.ciac.org/ciac/bulletins/o-078.shtml

www.osvdb.org/3919

www.redhat.com/support/errata/RHSA-2004-064.html

www.securityfocus.com/bid/9637

www.vuxml.org/freebsd/3388eff9-5d6e-11d8-80e3-0020ed76ef5a.html

exchange.xforce.ibmcloud.com/vulnerabilities/15132

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A827

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

84.0%

JSON

Related for CVE-2004-0082

redhat1 samba1 nvd1 nessus4 freebsd1 openvas3 cvelist1 debiancve1