CVE-2006-1059

Sažetak

The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain.

Reference

http://secunia.com/advisories/19455
http://secunia.com/advisories/19468
http://secunia.com/advisories/19539
http://securitytracker.com/id?1015850
http://us1.samba.org/samba/security/CAN-2006-1059.html
http://www.osvdb.org/24263
http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00114.html
http://www.securityfocus.com/archive/1/429370/100/0/threaded
http://www.securityfocus.com/bid/17314
http://www.trustix.org/errata/2006/0018
http://www.vupen.com/english/advisories/2006/1179
https://exchange.xforce.ibmcloud.com/vulnerabilities/25575

CVSS

Base:	1.2
Impact:	2.9
Exploitability:	1.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:H/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

18-10-2018 - 16:30

Objavljeno

30-03-2006 - 17:06