Bug 114995 - CAN-2004-0082 mksmbpasswd vulnerability
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: samba
Version: 3.0
Hardware/OS: All Linux
Priority: medium, Severity: medium
Assigned To: Jay Fenlason
QA Contact: David Lawrence
Keywords: Security
Reported: 2004-02-05 05:00 EST by Mark J. Cox (Product Security)
Modified: 2014-08-31 19:25 EDT
Doc Type: Bug Fix
Last Closed: 2004-02-18 05:31:35 EST
Description Mark J. Cox (Product Security) 2004-02-05 05:00:20 EST
The Samba security team have notified us of an issue that affects
3.0.0 and 3.0.1 versions of Samba.  If a user's account is created
using the mksmbpasswd script then it is possible for Samba to
overwrite the user's password with the contents of an uninitialized
buffer.  This might lead to a password that is easier to guess by an
attacker.

This issue affects the version of Samba shipped with Red Hat
Enterprise Linux 3 only.

This issue is embargoed until 2004Feb09
Comment 1 Mark J. Cox (Product Security) 2004-02-10 06:35:55 EST
Removing embargo from bug.  RHSA-2004:064 in progress with 3.0.2
packages attached.
Comment 2 Mark J. Cox (Product Security) 2004-02-18 05:31:35 EST
An errata has been issued which should help the problem described in this bug report. 
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen 
this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2004-064.html
