Gerald (Jerry) Carter
2006-Mar-30 15:16 UTC
[Samba] [SECURITY] Samba 3.0.21-3.0.21c: Exposure of machine account credentials in winbindd log files
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================ Subject: Exposed clear text of domain machine == account password in debug logs (log == level >= 5) == CVE ID#: CAN_2006-1059 === Versions: Samba Samba 3.0.21 - 3.0.21c (inclusive) === Summary: The winbindd daemon writes the clear text == of the machine trust account password to == log files. These log files are world == readable by default. ========================================================== ==========Description ========== The machine trust account password is the secret shared between a domain controller and a specific member server. Access to the member server machine credentials allows an attacker to impersonate the server in the domain and gain access to additional information regarding domain users and groups. The winbindd daemon included in Samba 3.0.21 and subsequent patch releases (3.0.21a-c) writes the clear text of server's machine credentials to its log file at level 5. The winbindd log files are world readable by default and often log files are requested on open mailing lists as tools used to debug server misconfigurations. This affects servers configured to use domain or ads security and possibly Samba domain controllers as well (if configured to use winbindd). =================Patch Availability ================= Samba 3.0.22 has been released to address this one security defect. A patch for Samba 3.0.21[a-c] has been posted at http://www.samba.org/samba/security/ An unpatched server may be protected by ensuring that non-administrative users are unable to read any winbindd log files generated at level 5 or greater. ======Credits ====== This security issue discovered during an internal security audit of the Samba source code by the Samba Team. =========================================================== Our Code, Our Bugs, Our Responsibility. == The Samba Team =========================================================-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEK2qkIR7qMdg1EfYRAnxrAJ0Q2Egg+fWXUcgdWRHgGiEIs9BDXQCfdXiV NPVl/9WSNw7weI0c6EaDl1g=1oLt -----END PGP SIGNATURE-----
Possibly Parallel Threads
- [SECURITY] Samba 3.0.21-3.0.21c: Exposure of machine account credentials in winbindd log files
- credentials check failed - Samba 3.0.21
- Offset in glm poisson using R vs Exposure in Stata
- Stats question: Comparison of the same individuals during two exposure times
- Secunia / Firefox Javascript "Arbitrary Memory Exposure" test