Samba winbindd Debug Log Server Credentials Local Disclosure

Low Nessus Plugin ID 24684


The remote Samba server is vulnerable to a local information disclosure flaw.


According to its version number, the remote Samba server is affected by a flaw that may allow a local attacker to get access to the passwords sent to the winbindd daemon if the debug level has been set to 5 or higher.


Upgrade to Samba 3.0.22 or set the debug level to a value lower than 5.

See Also

Plugin Details

Severity: Low

ID: 24684

File Name: samba_local_info_disclosure.nasl

Version: $Revision: 1.13 $

Type: remote

Family: Misc.

Published: 2007/02/22

Modified: 2014/05/26

Dependencies: 10785

Risk Information

Risk Factor: Low


Base Score: 1.2

Temporal Score: 1

Vector: CVSS2#AV:L/AC:H/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:samba:samba

Required KB Items: SMB/NativeLanManager, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2006/03/29

Reference Information

CVE: CVE-2006-1059

BID: 17314

OSVDB: 24263