FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-1059

This CVE name corresponds to:

Entered     Topic
2006-04-05  samba -- Exposure of machine account credentials in winbind log files

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2006-1059
Phase  Assigned (20060307)

Description

The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain.

References

Source    Reference
BUGTRAQ   20060330 [SECURITY] Samba 3.0.21-3.0.21c: Exposure of machine account credentials in winbindd log files
CONFIRM   http://us1.samba.org/samba/security/CAN-2006-1059.html
FEDORA    FEDORA-2006-259
TRUSTIX   2006-0018
BID       17314
VUPEN     ADV-2006-1179
OSVDB     24263
SECTRACK  1015850
SECUNIA   19455
SECUNIA   19468
SECUNIA   19539
XF        samba-logfile-account-cleartext(25575)