CVE-2006-1059 Information
Description
The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files which allows local users to obtain the password and spoof the server in the domain.
Reference
http://secunia.com/advisories/19455 http://secunia.com/advisories/19468 http://secunia.com/advisories/19539 http://securitytracker.com/id?1015850 http://us1.samba.org/samba/security/CAN-2006-1059.html http://www.osvdb.org/24263 http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00114.html http://www.securityfocus.com/archive/1/429370/100/0/threaded http://www.securityfocus.com/bid/17314 http://www.trustix.org/errata/2006/0018 http://www.vupen.com/english/advisories/2006/1179 https://exchange.xforce.ibmcloud.com/vulnerabilities/25575
Share on: