CVE-2004-0082

The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.redhat.com/support/errata/RHSA-2004-064.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/9637	Patch Vendor Advisory
http://us1.samba.org/samba/ftp/WHATSNEW-3.0.2a.txt
http://www.vuxml.org/freebsd/3388eff9-5d6e-11d8-80e3-0020ed76ef5a.html
http://www.ciac.org/ciac/bulletins/o-078.shtml
http://www.osvdb.org/3919
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A827
https://exchange.xforce.ibmcloud.com/vulnerabilities/15132

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:samba:samba:3.0.1:::::::*
	cpe:2.3:a:samba:samba:3.0.0:::::::*

Information

Published : 2004-03-02 21:00

Updated : 2018-10-30 09:25

NVD link : CVE-2004-0082

Mitre link : CVE-2004-0082

JSON object : View

CWE

NVD-CWE-Other

Products Affected

samba

samba

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.redhat.com/support/errata/RHSA-2004-064.html", "name": "RHSA-2004:064", "tags": ["Patch", "Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://www.securityfocus.com/bid/9637", "name": "9637", "tags": ["Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://us1.samba.org/samba/ftp/WHATSNEW-3.0.2a.txt", "name": "http://us1.samba.org/samba/ftp/WHATSNEW-3.0.2a.txt", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.vuxml.org/freebsd/3388eff9-5d6e-11d8-80e3-0020ed76ef5a.html", "name": "http://www.vuxml.org/freebsd/3388eff9-5d6e-11d8-80e3-0020ed76ef5a.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.ciac.org/ciac/bulletins/o-078.shtml", "name": "O-078", "tags": [], "refsource": "CIAC"}, {"url": "http://www.osvdb.org/3919", "name": "3919", "tags": [], "refsource": "OSVDB"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A827", "name": "oval:org.mitre.oval:def:827", "tags": [], "refsource": "OVAL"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15132", "name": "samba-mksmbpasswd-gain-access(15132)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-0082", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2004-03-03T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-30T16:25Z"}

7.5 /10