Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[SECURITY] Samba 3.0.21-3.0.21c: Exposure of machine account credentials

from [Gerald (Jerry) Carter] Network Security [Permanent Link]
Subject: [SECURITY] Samba 3.0.21-3.0.21c: Exposure of machine account credentials in winbindd log files
Date: Wed, 29 Mar 2006 23:22:34 -0600 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

==========================================================
==
== Subject:     Exposed clear text of domain machine
==              account password in debug logs (log
==              level >= 5)
== CVE ID#:     CAN_2006-1059
==
== Versions:    Samba Samba 3.0.21 - 3.0.21c (inclusive)
==
== Summary:     The winbindd daemon writes the clear text
==              of the machine trust account password to
==              log files.  These log files are world
==              readable by default.
==
==========================================================


===========
Description
===========

The machine trust account password is the secret shared
between a domain controller and a specific member server.
Access to the member server machine credentials allows
an attacker to impersonate the server in the domain and
gain access to additional information regarding domain
users and groups.

The winbindd daemon included in Samba 3.0.21 and subsequent
patch releases (3.0.21a-c) writes the clear text of server's
machine credentials to its log file at level 5.  The winbindd
log files are world readable by default and often log files
are requested on open mailing lists as tools used to debug
server misconfigurations.

This affects servers configured to use domain or ads security
and possibly Samba domain controllers as well (if configured
to use winbindd).


==================
Patch Availability
==================

Samba 3.0.22 has been released to address this one security
defect.  A patch for Samba 3.0.21[a-c] has been posted at

        http://www.samba.org/samba/security/

An unpatched server may be protected by ensuring that
non-administrative users are unable to read any winbindd
log files generated at level 5 or greater.


=======
Credits
=======

This security issue discovered during an internal security
audit of the Samba source code by the Samba Team.


==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEK2saIR7qMdg1EfYRAl6kAJ43G/1StS5lRt56EnojGSY8ndjjRgCfbJxV
d9QaHIC1lgJMc3U+bMDh2Zw=
=33BN
-----END PGP SIGNATURE-----
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [SECURITY] Samba 3.0.21-3.0.21c: Exposure of machine account credentials in winbindd log files, Gerald (Jerry) Carter <=
Previous by Date:  Smurfable Linux Kernel, Tomasz Chomiuk
Next by Date:  [security bulletin] HPSBUX02103 SSRT5953 rev.2 - HP-UX passwd(1) Local Denial of Service (DoS), security-alert
Previous by Thread:  Smurfable Linux Kernel, Tomasz Chomiuk
Next by Thread:  [security bulletin] HPSBUX02103 SSRT5953 rev.2 - HP-UX passwd(1) Local Denial of Service (DoS), security-alert
Indexes:  [Date] [Thread] [Top] [All Lists]