The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain.

According to its version number, the remote Samba server is affected by a flaw that may allow a local attacker to get access to the passwords sent to the winbindd daemon if the debug level has been set to 5 or higher.

Samba Security Advisory :

The machine trust account password is the secret shared between a domain controller and a specific member server. Access to the member server machine credentials allows an attacker to impersonate the server in the domain and gain access to additional information regarding domain users and groups.

The winbindd daemon writes the clear text of server's machine credentials to its log file at level 5. The winbindd log files are world readable by default and often log files are requested on open mailing lists as tools used to debug server misconfigurations.

This affects servers configured to use domain or ads security and possibly Samba domain controllers as well (if configured to use winbindd).

---------------------------------------------------------------------

  - Thu Mar 30 2006 Jay Fenlason <fenlason at redhat.com>     2.0.21c-1.fc5

    - New upstream version, fixing bz#187170 CVE-2005-1059       Samba clear text password exposure

  - include gnutls-devel in BuildRequires

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Samba server, according to its version number, may be vulnerable to a local flaw.  Specifically, if debugging has been set to level 5 or higher, the local SAMBA process will log account credentials.  These credentials can be read by local users and used in future attacks.

ID	Name	Product	Family	Severity
24684	Samba winbindd Debug Log Server Credentials Local Disclosure	Nessus	Misc.	low
21476	FreeBSD : samba -- Exposure of machine account credentials in winbind log files (92fd40eb-c458-11da-9c79-00123ffe8333)	Nessus	FreeBSD Local Security Checks	low
21169	Fedora Core 5 : samba-3.0.22-1.fc5 (2006-259)	Nessus	Fedora Local Security Checks	low
3499	Samba < 3.0.22 Local File Permissions Credentials Disclosure	Nessus Network Monitor	Samba	low

Detections

Analytics

CVE-2006-1059

high

Tenable Plugins

low

low

low

low