CVE-2004-0082 — Samba vulnerability

6 documents6 sources

Severity

7.5HIGHNVD

EPSS

2.1%

top 15.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba

Timeline

PublishedMar 3

Latest updateApr 29

Description

The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/samba< samba 3.0.7 (bookworm)

▶Debiansamba/samba< 3.0.7+3

▶NVDsamba/samba3.0.0, 3.0.1+1

Patches

Patch: www.redhat.com ↗Patch: www.securityfocus.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-hwfq-3hhr-352p: The mksmbpasswd shell script (mksmbpasswd↗2022-04-29

▶

OSV

CVE-2004-0082: The mksmbpasswd shell script (mksmbpasswd↗2004-03-03

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-02-13

▶

Debian

CVE-2004-0082: samba - The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when cre...↗2004

▶

💬Community

Bugzilla

CVE-2004-0082 security flaw↗2018-08-16

▶