Info

Disclosure

Feb 09, 2004

Discovery

Feb 09, 2004

Dates

Exploit

Unknown

Solution

Unknown

Description

Samba contains a flaw that may allow a malicious user to gain access. The issue is triggered when mksmbpasswd.sh is used to create accounts, and does not initialize passwords. It is possible that the flaw may allow unauthorized access resulting in a loss of confidentiality and integrity.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management
Impact: Loss of Integrity
Disclosure: OSVDB Verified

Solution

Upgrade to version 3.0.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Andrew Tridgell	Samba	3.0.0
		3.0.1

References

Secunia Advisory ID: 10842
ISS X-Force ID: 15132
CVE ID: 2004-0082 (see also: NVD)
SCIP VulDB ID: 512
Vendor Specific Advisory URL: http://us2.samba.org/samba/ftp/WHATSNEW-3.0.2.txt
CIAC Advisory: o-078

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/3919

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Andrew Tridgell

Samba

References

Credit