Vulnerability Name: CVE-2006-1059 (CCN-25575)

Assigned: 2006-03-29
Published: 2006-03-29
Updated: 2018-10-18
Summary: The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain.
CVSS v3 Severity: 2.9 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
  Exploitability Metrics:
    Attack Vector (AV): Local
    Attack Complexity (AC): High
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): Low
    Integrity (I): None
    Availability (A): None
CVSS v2 Severity: 1.2 Low (CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N)
  Exploitability Metrics:
    Access Vector (AV): Local
    Access Complexity (AC): High
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): None
    Availability (A): None
CVSS v2 Severity: 1.2 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N)
  Exploitability Metrics:
    Access Vector (AV): Local
    Access Complexity (AC): High
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): None
    Availability (A): None
Vulnerability Type: CWE-Other
Vulnerability Consequences: Obtain Information
References:

Source: CCN
Type: BugTraq Mailing List, Wed Mar 29 2006 - 23:22:34 CST
[SECURITY] Samba 3.0.21-3.0.21c: Exposure of machine account credentials in winbindd log files

Source: MITRE
Type: CNA
CVE-2006-1059

Source: CCN
Type: SA19455
Samba Exposure of Machine Account Credentials

Source: SECUNIA
Type: Patch, Vendor Advisory
19455

Source: SECUNIA
Type: UNKNOWN
19468

Source: SECUNIA
Type: UNKNOWN
19539

Source: CCN
Type: SECTRACK ID: 1015850
Samba winbindd Daemon Discloses Server Password to Local Users

Source: SECTRACK
Type: UNKNOWN
1015850

Source: CONFIRM
Type: Patch
http://us1.samba.org/samba/security/CAN-2006-1059.html

Source: CCN
Type: Samba Web site
CAN-2006-1059: Exposure of machine account credentials in winbind log files

Source: OSVDB
Type: UNKNOWN
24263

Source: CCN
Type: OSVDB ID: 24263
Samba winbindd Debug Log Server Credentials Local Disclosure

Source: FEDORA
Type: UNKNOWN
FEDORA-2006-259

Source: BUGTRAQ
Type: UNKNOWN
20060330 [SECURITY] Samba 3.0.21-3.0.21c: Exposure of machine account credentials in winbindd log files

Source: BID
Type: UNKNOWN
17314

Source: CCN
Type: BID-17314
Samba Machine Trust Account Local Information Disclosure Vulnerability

Source: TRUSTIX
Type: UNKNOWN
2006-0018

Source: VUPEN
Type: UNKNOWN
ADV-2006-1179

Source: XF
Type: UNKNOWN
samba-logfile-account-cleartext(25575)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:samba:samba:3.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21b:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21c:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:samba:samba:3.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21b:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21c:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:112075 | P | cifs-utils-6.13-1.3 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:112125 | P | ctdb-4.14.6+git.182.2205d5224e3-1.1 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:105662 | P | Security update for MozillaFirefox (Important) | 2021-11-10
oval:org.opensuse.security:def:105618 | P | cifs-utils-6.13-1.3 on GA media (Moderate) | 2021-10-01
    samba samba 3.0.21
    samba samba 3.0.21a
    samba samba 3.0.21b
    samba samba 3.0.21c