CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AI Score: 6.3 Medium (Confidence: Low)

EPSS: 0.01 Low (Percentile: 84.0%)

The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.
CPE | Name | Operator | Version |
---|---|---|---|
samba:samba | samba | eq | 3.0.0 |
samba:samba | samba | eq | 3.0.1 |
us1.samba.org/samba/ftp/WHATSNEW-3.0.2a.txt
www.ciac.org/ciac/bulletins/o-078.shtml
www.osvdb.org/3919
www.redhat.com/support/errata/RHSA-2004-064.html
www.securityfocus.com/bid/9637
www.vuxml.org/freebsd/3388eff9-5d6e-11d8-80e3-0020ed76ef5a.html
exchange.xforce.ibmcloud.com/vulnerabilities/15132
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A827