Vulnerability CVE-2001-0981


Published: 2001-08-31   Modified: 2012-02-12

Description:
HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user.

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
HP -> Cifs-9000 server

References:
http://archives.neohapsis.com/archives/hp/2001-q3/0048.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7051

Copyright 2020, cxsecurity.com
