samba: clear text password exposure
| Package(s): | samba |
CVE #(s): | CVE-2006-1059
|
| Created: | March 31, 2006 |
Updated: | April 4, 2006 |
| Description: |
According to this Samba advisory the
winbindd daemon included in Samba 3.0.21 and subsequent patch releases
(3.0.21a-c) writes the clear text of server's machine credentials to its
log file at level 5. The winbindd log files are world readable by default
and often log files are requested on open mailing lists as tools used to
debug server misconfigurations. This vulnerability has been fixed in Samba
3.0.22. |
| Alerts: |
|
