Vulnerability Details: CVE-2004-0082
The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.
Products affected by CVE-2004-0082
- cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-0082
- 2.08%: Probability of exploitation activity in the next 30 days
- ~82%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-0082
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
References for CVE-2004-0082
- http://www.osvdb.org/3919
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15132
  Samba mksmbpasswd.sh could allow an attacker to gain access to user's account CVE-2004-0082 Vulnerability Report
- http://www.ciac.org/ciac/bulletins/o-078.shtml
- http://us1.samba.org/samba/ftp/WHATSNEW-3.0.2a.txt
- http://www.vuxml.org/freebsd/3388eff9-5d6e-11d8-80e3-0020ed76ef5a.html
  VuXML: Samba 3.0.x password initialization bug
- http://www.redhat.com/support/errata/RHSA-2004-064.html
  SupportPatch;Vendor Advisory
- http://www.securityfocus.com/bid/9637
  Patch;Vendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A827