Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1059

Overview

Vulnerability Score 1.2 1.2
CVE Id CVE-2006-1059
Last Modified 07 Mar 2011 09:31:53
Published 30 Mar 2006 12:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2006-1059

Summary

The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain.

Vulnerable Systems

Application

  • Samba 3.0.21

  • Samba 3.0.21a

  • Samba 3.0.21b

  • Samba 3.0.21c


References

BUGTRAQ - 20060330 [SECURITY] Samba 3.0.21-3.0.21c: Exposure of machine account credentials in winbindd log files

CONFIRM - http://us1.samba.org/samba/security/CAN-2006-1059.html

SECUNIA - 19455

XF - samba-logfile-account-cleartext(25575)

VUPEN - ADV-2006-1179

TRUSTIX - 2006-0018

BID - 17314

FEDORA - FEDORA-2006-259

OSVDB - 24263

SECTRACK - 1015850

SECUNIA - 19539

SECUNIA - 19468


Last Updated: 27 May 2016 10:41:54