VDB

GCVE-110-MAGEIA-2014-138

GCVE-110-MAGEIA-2014-138
Advisory Published
Vulnetix · Advisory published March 23, 2014
In Samba before 3.6.23, the SAMR server neglects to ensure that attempted password changes will update the bad password count, and does not set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. This is available without any other authentication (CVE-2013-4496)

Affected Products

VendorProductVersionsPlatforms
Mageiax11-driver-video-intel2.99.909-1.2.mga4 (unaffected), 0 (affected)
Mageiasamba0 (affected), 3.6.15-1.4.mga3 (unaffected), 0 (affected), 3.6.15-1.4.mga3 (unaffected)
Mageiasamba0 (affected), 3.6.23-1.mga4 (unaffected), 0 (affected), 3.6.23-1.mga4 (unaffected)

Browse GCVE Records

73,196 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›