Lucene search

MitreCVE-2001-0981

HistoryJun 25, 2002 - 4:00 a.m.

CVE-2001-0981

2002-06-2504:00:00

mitre

web.nvd.nist.gov

hp server

cifs/9000

samba

unix password sync

cve-2001-0981

password change

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.1

Confidence

Low

EPSS

0.004

Percentile

73.5%

JSON

HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the “unix password sync” option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user.

Affected configurations

Nvd

Node

hpcifs-9000_serverRange≤a.01.07

VendorProductVersionCPE
hpcifs-9000_server*cpe:2.3:a:hp:cifs-9000_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hp	cifs-9000_server	*	cpe:2.3:a:hp:cifs-9000_server::::::::

References

archives.neohapsis.com/archives/hp/2001-q3/0048.html

exchange.xforce.ibmcloud.com/vulnerabilities/7051

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.1

Confidence

Low

EPSS

0.004

Percentile

73.5%

JSON

Related for CVE-2001-0981