Samba winbindd Debug Log Server Credentials Local Disclosure

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote Samba server is vulnerable to a local information
disclosure flaw.

Description :

According to its version number, the remote Samba server is affected
by a flaw that may allow a local attacker to get access to the
passwords sent to the winbindd daemon if the debug level has been set
to 5 or higher.

See also :

http://www.securityfocus.com/archive/1/archive/1/429370/100/0/threaded
http://us1.samba.org/samba/security/CVE-2006-1059.html

Solution :

Upgrade to Samba 3.0.22 or set the debug level to a value lower than
5.
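The configuration half of this solution can be checked with a short script. The following is an added example, not part of the Nessus plugin or of Samba: it reads the text of an smb.conf and reports every debug class in [global] whose level is 5 or higher. It assumes standard smb.conf syntax (`log level` with the synonym `debuglevel`, optional per-class `class:level` entries, default level 0); the function names and sample file are constructed for illustration.

```python
import re

THRESHOLD = 5  # debug level at which the advisory says passwords can reach the log

# Constructed sample, not taken from any real host.
SAMPLE = """\
[global]
   workgroup = EXAMPLE
   ; log level = 10
   log level = 3 passdb:5 auth:10 winbind:2
[homes]
   log level = 9
"""

def parse_log_levels(conf_text):
    """Return {debug_class: level} for [global]; 'all' is the unnamed default class."""
    levels, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue                              # log level is a global parameter
        name, value = line.split("=", 1)
        # Assumption: smb.conf ignores case and spaces in parameter names.
        if re.sub(r"\s+", "", name).lower() not in ("loglevel", "debuglevel"):
            continue
        levels = {}                               # a later setting replaces an earlier one
        for token in value.replace(",", " ").split():
            cls, _, num = token.rpartition(":")
            if num.isdigit():
                levels[cls.lower() or "all"] = int(num)
    return levels

def risky_classes(conf_text, threshold=THRESHOLD):
    """Debug classes logging at or above the threshold, sorted by name."""
    return sorted(c for c, lvl in parse_log_levels(conf_text).items() if lvl >= threshold)

if __name__ == "__main__":
    print(risky_classes(SAMPLE) or "log level below threshold")
```

The check is conservative: it flags any class at level 5 or above rather than guessing which class carries the winbindd messages. It does not see a debug level passed to winbindd on the command line with `-d`.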

Risk factor :

Low / CVSS Base Score : 1.2
(CVSS2#AV:L/AC:H/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 1.0
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 24684

Bugtraq ID: 17314

CVE ID: CVE-2006-1059