FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- Exposure of machine account credentials in winbind log files

Affected packages
3.0.21a,1 <= samba < 3.0.22,1
3.0.21a,1 <= ja-samba < 3.0.22,1


VuXML ID 92fd40eb-c458-11da-9c79-00123ffe8333
Discovery 2006-03-30
Entry 2006-04-05

Samba Security Advisory:

The machine trust account password is the secret shared between a domain controller and a specific member server. Access to the member server machine credentials allows an attacker to impersonate the server in the domain and gain access to additional information regarding domain users and groups.

The winbindd daemon writes the clear text of server's machine credentials to its log file at level 5. The winbindd log files are world readable by default and often log files are requested on open mailing lists as tools used to debug server misconfigurations.

This affects servers configured to use domain or ads security and possibly Samba domain controllers as well (if configured to use winbindd).


CVE Name CVE-2006-1059