This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
The remote host might contain a flawed account management script.
According to its banner, the version of Samba running on the remote
host is earlier than 3.0.2. Such versions are shipped with an account
creation script (mksmbpasswd.sh) that, when utilized to disable a user
account, may overwrite the user's password with the contents of an
uninitialized buffer. This could lead to a disabled account becoming
re-enabled with an easily guessable password.
Note that Nessus has not actually tried to exploit the issue or
determine if the issue has been fixed by a backported patch.
See also :
Upgrade to Samba 3.0.2 or later.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true
Nessus Plugin ID: 17722 ()
Bugtraq ID: 9637
CVE ID: CVE-2004-0082
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.