CVE-2001-0981
First published: Fri Aug 31 2001(Updated: )
HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HP CIFS/9000 Server | <=a.01.07 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2001-0981?
CVE-2001-0981 is considered to be high severity due to the potential for unauthorized password changes.
How do I fix CVE-2001-0981?
To fix CVE-2001-0981, disable the 'unix password sync' option in HP CIFS/9000 Server configurations.
What versions of HP CIFS/9000 Server are affected by CVE-2001-0981?
CVE-2001-0981 affects HP CIFS/9000 Server version A.01.07 and earlier.
What could happen if CVE-2001-0981 is exploited?
If exploited, CVE-2001-0981 could allow attackers to change the passwords of different users inadvertently.
Is there a workaround for CVE-2001-0981?
Yes, a workaround for CVE-2001-0981 includes turning off the 'unix password sync' feature until a permanent fix is applied.
- agent/softwarecombine
- agent/first-publish-date
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/weakness
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/hp
- canonical/hp cifs/9000 server
- version/hp cifs/9000 server/a.01.07