CVE-2006-1059 — Samba vulnerability

5 documents5 sources

Severity

1.2LOWNVD

EPSS

0.5%

top 36.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba

Timeline

PublishedMar 30

Latest updateMay 1

Description

The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain.

CVSS vector

AV:L/AC:H/C:P/I:N/A:NExploitability: 1.9 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/samba< samba 3.0.22-1 (bookworm)

▶Debiansamba/samba< 3.0.22-1+3

▶NVDsamba/samba4 versions+3

Patches

Patch: secunia.com ↗Patch: us1.samba.org ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-cgxg-c5wj-xpf3: The winbindd daemon in Samba 3↗2022-05-01

▶

OSV

CVE-2006-1059: The winbindd daemon in Samba 3↗2006-03-30

▶

📋Vendor Advisories

Debian

CVE-2006-1059: samba - The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account ...↗2006

▶

💬Community

Bugzilla

CVE-2006-1059 Samba clear text password exposure↗2006-03-28

▶