7.5
CVE-2004-0082
- EPSS 3.5%
- Veröffentlicht 03.03.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:04:54
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.5% | 0.876 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://us1.samba.org/samba/ftp/WHATSNEW-3.0.2a.txt
http://www.ciac.org/ciac/bulletins/o-078.shtml
http://www.osvdb.org/3919
http://www.redhat.com/support/errata/RHSA-2004-064.html
http://www.securityfocus.com/bid/9637
http://www.vuxml.org/freebsd/3388eff9-5d6e-11d8-80e3-0020ed76ef5a.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/15132
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A827