|
|
Info |
Last Modified |
| about 1 year ago |
|
|
|
|
|
Description |
Samba winbindd contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plain text winbindd passwords of a domain member server. When the log level is set to 5 or higher, winbindd stores these credentials in a plain text file readable by non-administrative users, which may lead to a loss of confidentiality.
|
|
Classification |
Location:
Local Access Required
Attack Type:
Information Disclosure
Impact:
Loss of Confidentiality
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
|
|
Solution |
Upgrade to version 3.0.22 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by ensuring that non-administrative users do not have read read access to log files generated 'winbindd' log files of log level 5 or greater.
|
|
Products |
|
Samba
 |
3.0.21 |
3.0.21a |
3.0.21b |
3.0.21c |
|
|
|
|
|
|
Credit |
- Samba Team - security
 samba.org - Samba Project
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
