返回 CVE 浏览器

CVE-2001-1106

HIGH

7.5

CVSS Severity Score

EPSS Score0.1880%

EPSS Percentile17.63th

Published2001年7月25日

Last Modified2026年4月16日

Vulnerability Description

The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure.

Affected Platforms (CPE)

📦

Sambar

Sambar Server

= 4.1

📦

Sambar

Sambar Server

= 4.2.1_production

📦

Sambar

Sambar Server

= 4.3

📦

Sambar

Sambar Server

= 4.4

📦

Sambar

Sambar Server

= 5.0

📦

Sambar

Sambar Server

= 5.0

📦

Sambar

Sambar Server

= 5.0

📦

Sambar

Sambar Server

= 5.0

📦

Sambar

Sambar Server

= 5.0

References & Advisories

🔗 http://www.securityfocus.com/archive/1/199418

🔗 http://www.securityfocus.com/bid/3095

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/6909

🔗 http://www.securityfocus.com/archive/1/199418

🔗 http://www.securityfocus.com/bid/3095

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/6909

相关漏洞威胁

CVE-2000-050910.0

Buffer overflows in the finger and whois demonstration scripts in Sambar Server 4.3 allow remote attackers to execute arbitrary co...

CVE-2002-01287.5

cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers to cause a denial of service, and possibly execute arbitrar...

CVE-1999-15237.5

Buffer overflow in Sambar Web Server 4.2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary co...

CVE-2003-12867.5

HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to sen...