CVE-2008-6800

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is not a security issue. It was originally created based on one vendor's misinterpretation of an upstream changelog comment that referred to a race condition in the winbind daemon aka winbindd in Samba...

SuSE 10 Security Update : samba (ZYPP Patch Number 2556)

A logic error in the deferred open code can lead to an infinite loop in Samba's smbd daemon. CVE-2007-0452 In addition the following changes are included with these packages : - Move tdb utils to the client package. - The version string of binaries reported by the -V option now include the packag...

openSUSE 10 Security Update : samba (samba-2584)

"A logic error in the deferred open code can lead to an infinite loop in Samba's smbd daemon. In addition the following changes are included with these packages : - Disable broken DCERPC funnel patch; 242833. - Avoid winbind event handler for internal domains. - Fix smbcontrol winbind offline;...

openSUSE 10 Security Update : samba (samba-2553)

A logic error in the deferred open code can lead to an infinite loop in Samba's smbd daemon CVE-2007-0452. In addition the following changes are included with these packages : - Move tdb utils to the client package. - Add version of the package subversion to Samba vendor version suffix. - Fix tim...

Samba < 3.0.24 Multiple Flaws

According to its version number, the remote Samba server is affected by several flaws : - A denial of service issue occuring if an authenticated attacker sends a large number of CIFS session requests which will cause an infinite loop to occur in the smbd daemon, thus utilizing CPU resources and...

Buffer overflow

Buffer overflow in the nsswinbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the 1 gethostbyname and 2 getipnodebyname functions...

CVE-2007-0453

CVE-2007-0453 affects Samba 3.0.21 through 3.0.23d (as used by the winbindd daemon on Solaris). The vulnerability is a buffer overflow in the nss_winbind.so.1 library, triggered via the gethostbyname and getipnodebyname functions, allowing an attacker to execute arbitrary code. Connected sources ...

FreeBSD : samba -- Exposure of machine account credentials in winbind log files (92fd40eb-c458-11da-9c79-00123ffe8333)

Samba Security Advisory : The machine trust account password is the secret shared between a domain controller and a specific member server. Access to the member server machine credentials allows an attacker to impersonate the server in the domain and gain access to additional information regardin...

Default credentials

The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain...

CVE-2006-1059

The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain...

DEBIAN-CVE-2006-1059

The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain...

CVE-2006-1059

The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain...

CVE-2006-1059

CVE-2006-1059 affects Samba up to 3.0.21c: winbindd writes the machine trust account password in cleartext to log files, allowing local users to obtain the password and spoof the domain server. OpenVAS notes the exposure of machine account credentials in winbind logs. The provided documents do no...

CVE-2006-1059

The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain...

Exposed clear text of domain machine

Description The machine trust account password is the secret shared between a domain controller and a specific member server. Access to the member server machine credentials allows an attacker to impersonate the server in the domain and gain access to additional information regarding domain users...

samba -- Exposure of machine account credentials in winbind log files

Samba Security Advisory: The machine trust account password is the secret shared between a domain controller and a specific member server. Access to the member server machine credentials allows an attacker to impersonate the server in the domain and gain access to additional information regarding...

[SECURITY] Samba 3.0.21-3.0.21c: Exposure of machine account credentials in winbindd log files

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Exposed clear text of domain machine == account password in debug logs log == level = 5 == CVE ID: CAN2006-1059 == == Versions: Samba Samba 3.0.21 - 3.0.21c inclusive == ==...

Fedora Core 2 : samba-3.0.10-1.fc2 (2004-561)

Fri Dec 17 2004 Jay Fenlason 3.0.10-1.fc2 - New upstream release that closes CVE-2004-1154 bz142544 - Include the -64bit patch from Nalin. This closes bz142873 - Update the -logfiles patch to work with 3.0.10 - Create /var/run/winbindd and make it part of the -common rpm to close bz142242 - move...

Mandrake Linux Security Advisory : samba (MDKSA-2004:071)

A vulnerability was discovered in SWAT, the Samba Web Administration Tool. The routine used to decode the base64 data during HTTP basic authentication is subject to a buffer overrun caused by an invalid base64 character. This same code is also used to internally decode the sambaMungedDial attribu...