Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Samba 3.0.0 <= 3.0.1 Vulnerability (CVE-2004-0082)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
mksmbpasswd shell script may create accounts with easily guessable passwords.
Insight
Insight
It has been confirmed that previous versions of Samba 3.0 are susceptible to a password initialization bug that could grant an attacker unauthorized access to a user account created by the mksmbpasswd.sh shell script. Samba administrators not wishing to upgrade to the current version should download the 3.0.2 release, build the pdbedit tool, and run root# pdbedit-3.0.2 --force-initialized-passwords This will disable all accounts not possessing a valid password (e.g. the password field has been set a string of X's). Samba servers running 3.0.2 are not vulnerable to this bug regardless of whether or not pdbedit has been used to sanitize the passdb backend.
Affected Software
Affected Software
Samba versions 3.0.0 through 3.0.1.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Update to version 3.0.2 or later.