CVE-2006-1059

Published: Mar 30, 2006Modified: Apr 16, 2026

1.2

Vector

AV:L/AC:H/Au:N/C:P/I:N/A:N

Exploitability: 1.9 / Impact: 2.9

Source: NVD

Description

The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain.

Affected (4)

Products: Samba: Samba

Samba

1 product

Samba

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Samba Samba	Version 3.0.21
Samba Samba	Version 3.0.21a
Samba Samba	Version 3.0.21b
Samba Samba	Version 3.0.21c

References (24)

http://secunia.com/advisories/19455

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/19468

Source: secalert@redhat.com

http://secunia.com/advisories/19539

Source: secalert@redhat.com

http://securitytracker.com/id?1015850

Source: secalert@redhat.com

http://us1.samba.org/samba/security/CAN-2006-1059.html

Source: secalert@redhat.com

Patch

http://www.osvdb.org/24263

Source: secalert@redhat.com

http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00114.html

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/429370/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/bid/17314

Source: secalert@redhat.com

http://www.trustix.org/errata/2006/0018

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2006/1179

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/25575

Source: secalert@redhat.com

http://secunia.com/advisories/19455