Samba Mksmbpasswd.sh Insecure User Account Creation Vulnerability Solution:
Red Hat has released an advisory (RHSA-2004:064-10) and fixes to address this issue in Red Hat enterprise products. Customers who are subscribed to the Red Hat Network may employ the up2date utility to retrieve appropriate fixes, further information can be found in the referenced advisory. Red Hat have stated that after the update is applied, "/sbin/service winbind condrestart" must be run as root to restart the winbind daemon.
Fedora has released advisory FEDORA-2004-074 dealing with this issue.
The vendor has released an upgrade to address this issue:
Samba Samba 3.0
Samba Samba 3.0 alpha
Samba Samba 3.0.1
