Bug 114995 - CAN-2004-0082 mksmbpasswd vulnerability
Summary: CAN-2004-0082 mksmbpasswd vulnerability
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: samba
Version: 3.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jay Fenlason
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-02-05 10:00 UTC by Mark J. Cox
Modified: 2014-08-31 23:25 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-02-18 10:31:35 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2004:064 0 normal SHIPPED_LIVE Low: samba security update 2004-05-21 04:00:00 UTC

Description Mark J. Cox 2004-02-05 10:00:20 UTC 
The Samba security team have notified us of an issue that affects
3.0.0 and 3.0.1 versions of Samba.  If a users account is created
using the mksmbpasswd script then it is possible for Samba to
overwrite the users password with the contents of an uninitialized
buffer.  This might lead to a password that is easier to guess by an
attacker.

This issue affects the version of Samba shipped with Red Hat
Enterprise Linux 3 only.

This issue is embargoed until 2004Feb09
Comment 1 Mark J. Cox 2004-02-10 11:35:55 UTC 
Removing embargo from bug.  RHSA-2004:064 in progress with 3.0.2
packages attached.
Comment 2 Mark J. Cox 2004-02-18 10:31:35 UTC 
An errata has been issued which should help the problem described in this bug report. 
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen 
this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2004-064.html
Note You need to log in before you can comment on or make changes to this bug.