PT-2004-1288 · Samba · Samba

Published 2004-03-03 · Updated 2018-10-30 · CVE-2004-0082

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Samba versions 3.0.0 through 3.0.1

Description

The issue is related to the mksmbpasswd shell script (mksmbpasswd.sh) in Samba, which may overwrite the user password with an uninitialized buffer when creating an account but marking it as disabled. This could enable the account with a more easily guessable password. The flaw may allow a malicious user to gain access, resulting in a loss of confidentiality and integrity.

Recommendations

For Samba versions 3.0.0 and 3.0.1, consider disabling the use of the mksmbpasswd.sh script until a patch is available to prevent potential unauthorized access.

For Samba versions 3.0.0 and 3.0.1, restrict access to account creation functionality to minimize the risk of exploitation.

Fix


Related Identifiers

CVE-2004-0082
RHSA-2004:064

Affected Products

Samba