Samba < 3.0.2 Uninitialized Passwords

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.

Synopsis :

The remote host might contain a flawed account management script.

Description :

According to its banner, the version of Samba running on the remote
host is earlier than 3.0.2. Such versions are shipped with an account
creation script ( that, when utilized to disable a user
account, may overwrite the user's password with the contents of an
uninitialized buffer. This could lead to a disabled account becoming
re-enabled with an easily guessable password.

Note that Nessus has not actually tried to exploit the issue or
determine if the issue has been fixed by a backported patch.

See also :

Solution :

Upgrade to Samba 3.0.2 or later.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 17722 ()

Bugtraq ID: 9637

CVE ID: CVE-2004-0082