- Overview
- Features
- Architecture & Open API
- Try NeXpose
- Buy NeXpose
- System Requirements
- Vulnerabilities Tested
- NeXpose Information
Search Hints:
Try searching for a product or vendor.
Only vulnerabilities that match all search terms will be returned.
Enclose search terms in double quotes for an exact search.
For CVE searches, only enter the CVE-YYYY-XXXX code.
Try searching for a product or vendor.
Only vulnerabilities that match all search terms will be returned.
Enclose search terms in double quotes for an exact search.
For CVE searches, only enter the CVE-YYYY-XXXX code.
NeXpose Vulnerability Database
< Previous Next >Samba Easily Guessable New Password Weakness
Severity |
CVSS |
Published |
Added |
Modified |
|---|---|---|---|---|
| Severe (6) | 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Mar 3, 2004 | Aug 31, 2007 | Sep 21, 2007 |
Description:
Certain versions of Samba contain a weakness in the 'mksmbpasswd' shell script that can result in the creation of new users with a password containing an uninitialized buffer. This could result in a password that is more easily guessable, allowing an attacker to gain access to the account.
References:
- BID: http://www.securityfocus.com/bid/9637
- CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0082
- OSVDB: http://www.osvdb.org/displayvuln.php?osvdb_id=3919
- SECUNIA: http://secunia.com/advisories/10842/
- URL: http://samba.org/samba/security/CVE-2004-0082.html
Solution:
Upgrade to Samba 3.0.2
Download and apply the upgrade from: http://us1.samba.org/samba/ftp/old-versions/samba-3.0.2.tar.gz
Information on these pages is summary information extracted from the NeXpose Vulnerabilty Assessment system. Full details are provided within the NeXpose product for licensed users.