Description
HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/7051
Patch, Vendor Advisory vendor-advisory
x_refsource_hp
http://archives.neohapsis.com/archives/hp/2001-q3/0048.html
Scores
EPSS
0.0039
EPSS Percentile
60.4%
Details
Status
published
Products (1)
hp/cifs-9000_server
< a.01.07
Published
Aug 31, 2001
Tracked Since
Feb 18, 2026