CVE-2004-0082

Sažetak

The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.

Reference

http://us1.samba.org/samba/ftp/WHATSNEW-3.0.2a.txt
http://www.ciac.org/ciac/bulletins/o-078.shtml
http://www.osvdb.org/3919
http://www.redhat.com/support/errata/RHSA-2004-064.html
http://www.securityfocus.com/bid/9637
http://www.vuxml.org/freebsd/3388eff9-5d6e-11d8-80e3-0020ed76ef5a.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/15132
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A827

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

30-10-2018 - 16:25

Objavljeno

03-03-2004 - 05:00