CVE-2004-0082
 
Severity Score: 7.5 (CVSS v2)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.
mksmbpasswd in Samba 3.0.0 and 3.0.1, when an account is created but marked as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.
Credits: N/A
Timeline
- 2004-01-19 CVE Reserved
- 2004-03-03 CVE Published
- 2024-08-08 CVE Updated
- 2024-09-16 EPSS Updated
References (10)
URL | Tag | Source |
---|---|---|
http://us1.samba.org/samba/ftp/WHATSNEW-3.0.2a.txt | X_refsource_confirm | |
http://www.ciac.org/ciac/bulletins/o-078.shtml | Government Resource | |
http://www.osvdb.org/3919 | Vdb Entry | |
http://www.vuxml.org/freebsd/3388eff9-5d6e-11d8-80e3-0020ed76ef5a.html | X_refsource_confirm | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/15132 | Vdb Entry | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A827 | Signature | |

URL | Date | SRC |
---|---|---|
http://www.redhat.com/support/errata/RHSA-2004-064.html | 2018-10-30 | |
http://www.securityfocus.com/bid/9637 | 2018-10-30 | |
https://access.redhat.com/security/cve/CVE-2004-0082 | 2004-02-18 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1617143 | 2004-02-18 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Samba | Samba | 3.0.0 | - | Affected |
Samba | Samba | 3.0.1 | - | Affected |