Red Hat Bugzilla – Bug 114995
CAN-2004-0082 mksmbpasswd vulnerability
Last modified: 2014-08-31 19:25:53 EDT
The Samba security team have notified us of an issue that affects
3.0.0 and 3.0.1 versions of Samba. If a users account is created
using the mksmbpasswd script then it is possible for Samba to
overwrite the users password with the contents of an uninitialized
buffer. This might lead to a password that is easier to guess by an
This issue affects the version of Samba shipped with Red Hat
Enterprise Linux 3 only.
This issue is embargoed until 2004Feb09
Removing embargo from bug. RHSA-2004:064 in progress with 3.0.2
An errata has been issued which should help the problem described in this bug report.
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen
this bug report if the solution does not work for you.