Samba winbindd Debug Log Server Credentials Local Disclosure

low Nessus Plugin ID 24684

Synopsis

The remote Samba server is vulnerable to a local information disclosure flaw.

Description

According to its version number, the remote Samba server is affected by a flaw that may allow a local attacker to read passwords sent to the winbindd daemon from its debug log when the debug level is set to 5 or higher.

Solution

Upgrade to Samba 3.0.22 or set the debug level to a value lower than 5.
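
A check for the second option, added here as an example (it is not part of the plugin or of Samba): it scans smb.conf text for `log level` / `debuglevel` settings, including per-class values such as `winbind:5`, and reports every level at 5 or above. The function name and the sample configuration are constructed for illustration, and backslash line continuations are assumed not to be used.

```python
import re

THRESHOLD = 5  # level at which the plugin description says passwords are exposed

# smb.conf ignores case and whitespace in parameter names, and
# "debuglevel" is a synonym for "log level".
LEVEL_PARAMS = {"loglevel", "debuglevel"}

# Constructed sample, not taken from a real host.
SAMPLE_CONF = """\
[global]
   workgroup = EXAMPLE
   ; log level = 10
   Log Level = 2 winbind:5
[share]
   path = /srv/share
"""

def risky_log_levels(conf_text, threshold=THRESHOLD):
    """Return (line_no, debug_class, level) for each setting >= threshold.

    Hypothetical helper. Every debug class is reported, which is
    deliberately conservative.
    """
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue  # blank, comment, section header, or not a setting
        name, value = line.split("=", 1)
        if re.sub(r"\s+", "", name).lower() not in LEVEL_PARAMS:
            continue
        # The value is a list such as "3 passdb:5 winbind:10"; a bare
        # number is the level for the default class "all".
        for token in re.split(r"[\s,]+", value.strip()):
            m = re.fullmatch(r"(?:(\w+):)?(\d+)", token)
            if m and int(m.group(2)) >= threshold:
                findings.append((line_no, m.group(1) or "all", int(m.group(2))))
    return findings

if __name__ == "__main__":
    for line_no, cls, level in risky_log_levels(SAMPLE_CONF):
        print(f"line {line_no}: class {cls} at level {level}")
```

The debug level can also be given on the winbindd command line with `-d`, which this check does not see, so the daemon's startup arguments need the same review.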

See Also

https://www.securityfocus.com/archive/1/archive/1/429370/100/0/threaded

https://www.samba.org/samba/security/CVE-2006-1059.html

Plugin Details

Severity: Low

ID: 24684

File Name: samba_local_info_disclosure.nasl

Version: 1.15

Type: remote

Family: Misc.

Published: 2/22/2007

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Low

Base Score: 1.2

Temporal Score: 0.9

Vector: CVSS2#AV:L/AC:H/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:samba:samba

Required KB Items: Settings/ParanoidReport, SMB/NativeLanManager

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 3/29/2006

Reference Information

CVE: CVE-2006-1059

BID: 17314