CVE-2006-1059

NameCVE-2006-1059
DescriptionThe winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
samba (PTS)buster2:4.9.5+dfsg-5+deb10u3fixed
buster (security)2:4.9.5+dfsg-5+deb10u4fixed
bullseye (security), bullseye2:4.13.13+dfsg-1~deb11u5fixed
bookworm2:4.17.9+dfsg-0+deb12u3fixed
bookworm (security)2:4.17.10+dfsg-0+deb12u1fixed
trixie, sid2:4.19.0+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sambasourcewoody(not affected)
sambasourcesarge(not affected)
sambasource(unstable)3.0.22-1

Search for package or bug name: Reporting problems