Vulnerability Details : CVE-2006-1059
The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain.
Products affected by CVE-2006-1059
- cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-1059
- 0.06%: Probability of exploitation activity in the next 30 days
- ~ 23%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-1059
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
1.2 | LOW | AV:L/AC:H/Au:N/C:P/I:N/A:N | 1.9 | 2.9 | NIST | |
References for CVE-2006-1059
- http://www.vupen.com/english/advisories/2006/1179
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25575
  Samba clear text machine trust account credentials CVE-2006-1059 Vulnerability Report
- http://www.trustix.org/errata/2006/0018
  Trustix | Empowering Trust and Security in the Digital Age
- http://www.securityfocus.com/archive/1/429370/100/0/threaded
- http://securitytracker.com/id?1015850
- http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00114.html
  [SECURITY] Fedora Core 5 Update: samba-3.0.22-1.fc5
- http://www.securityfocus.com/bid/17314
- http://us1.samba.org/samba/security/CAN-2006-1059.html
  Patch