Samba < 3.0.2 mksmbpasswd.sh Uninitialized Passwords

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote host might contain a flawed account management script.

Description :

According to its banner, the version of Samba running on the remote
host is earlier than 3.0.2. Such versions are shipped with an account
creation script (mksmbpasswd.sh) that, when utilized to disable a user
account, may overwrite the user's password with the contents of an
uninitialized buffer. This could lead to a disabled account becoming
re-enabled with an easily guessable password.

Note that Nessus has not actually tried to exploit the issue or
determine if the issue has been fixed by a backported patch.

See also :

http://www.samba.org/samba/history/samba-3.0.2.html

Solution :

Upgrade to Samba 3.0.2 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 17722 ()

Bugtraq ID: 9637

CVE ID: CVE-2004-0082