The machine trust account password is the secret shared between a domain controller and a specific member server. Access to the member server's machine credentials may allow an attacker to access additional information regarding user accounts in the domain. The winbindd daemon included in Samba 3.0.21 and subsequent patch releases (3.0.21a-c) writes the clear text of the server's machine credentials to its log file at level 5. The winbindd log files are world readable by default, and log files are often requested on open mailing lists as tools used to debug server misconfigurations. This affects servers configured to use domain or ads security and possibly Samba domain controllers as well (if configured to use winbindd). An unpatched server may be protected by ensuring that non-administrative users are unable to read any winbindd log files generated at level 5 or greater.
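The description above names two conditions that together expose the machine trust password on an unpatched server: a winbindd log level of 5 or higher, and winbindd log files readable by non-administrative users. The following POSIX sh helper is an added example (not code from this bug, from Gentoo, or from the Samba project) that audits both conditions and reproduces the exposed configuration on a constructed fixture. It assumes the standard smb.conf spelling "log level" (Samba also accepts "debug level"), winbindd log files named log.winbindd* in one directory (the common /var/log/samba location is an assumption), and it reads only the leading global number of "log level", not per-class settings such as "winbind:5".

```shell
#!/bin/sh
# Added audit helper for the winbindd cleartext-credential logging issue.
# It only reads configuration and file modes; nothing is modified.

# Print the global "log level" (or "debug level") from an smb.conf.
# Falls back to 0 when the parameter is absent. Only the leading number
# is read; per-class syntax such as "log level = 1 winbind:5" yields 1.
samba_log_level() {
    conf="$1"
    lvl=$(grep -iE '^[[:space:]]*(log|debug)[[:space:]]*level[[:space:]]*=' "$conf" \
          | tail -n 1 \
          | sed 's/^[^=]*=[[:space:]]*\([0-9]*\).*/\1/')
    echo "${lvl:-0}"
}

# Print every log.winbindd* file under directory $1 whose mode grants
# read access to "other" (the -004 bit). Returns 0 when none exist,
# 1 when at least one world-readable winbindd log was found.
world_readable_winbindd_logs() {
    dir="$1"
    found=0
    for f in "$dir"/log.winbindd*; do
        [ -f "$f" ] || continue
        # -prune keeps find from descending; -perm -004 tests the o+r bit
        if [ -n "$(find "$f" -prune -perm -004)" ]; then
            echo "$f"
            found=1
        fi
    done
    return $found
}

# Combine both checks. $1 = smb.conf path, $2 = Samba log directory.
# Returns 0 when the server is not exposed by this issue, 1 when the
# log level would record credentials AND the logs are world-readable.
audit_winbindd_logging() {
    conf="$1"
    dir="$2"
    level=$(samba_log_level "$conf")
    if [ "$level" -lt 5 ]; then
        echo "log level $level: winbindd does not log machine credentials at this level"
        return 0
    fi
    if world_readable_winbindd_logs "$dir" >/dev/null; then
        echo "log level $level, but winbindd log files are not world-readable"
        return 0
    fi
    echo "RISK: log level $level and world-readable winbindd log files present"
    return 1
}

# Build a constructed fixture (not real Samba files) for demonstration:
# $1 = log level to write into smb.conf, $2 = mode for the log file.
# Prints the fixture directory; the caller removes it.
make_fixture() {
    d=$(mktemp -d)
    printf '[global]\n   workgroup = EXAMPLE\n   security = domain\n   log level = %s\n' "$1" \
        > "$d/smb.conf"
    # constructed sample log line; contains no real credential material
    printf '[2006/03/30 12:00:00, 5] constructed sample winbindd line\n' > "$d/log.winbindd"
    chmod "$2" "$d/log.winbindd"
    echo "$d"
}

# Stand-alone demonstration: level 5 with a 0644 log file is exactly the
# exposed configuration described in the bug, so the audit reports RISK.
fx=$(make_fixture 5 0644)
audit_winbindd_logging "$fx/smb.conf" "$fx" || true
rm -rf "$fx"
```

On a real host the call would be `audit_winbindd_logging /etc/samba/smb.conf /var/log/samba` (paths assumed); a non-zero exit code is the signal that either the log level should be lowered below 5 or the log directory and files should be made unreadable to non-administrative users, which is the mitigation the description gives.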
Created attachment 83337 [details, diff] patch for CVE-2006-1059
satya, please provide new ebuilds with the patch above and attach them to this bug. Do not commit anything yet, thanks.
I'm thinking about the question: "for samba (upstream) devs, is this a bug or a feature?" (seriously, :-) ). [brainstorming on] Maybe the cleartext pwd is a desired debug string. In fact, I remember the samba manual states that debug>=3 is for developers or serious bug analysis. Could we restrict the permissions on the log dir instead? I hope that an admin posting a log file would inspect it before, to strip every sensitive data. [brainstorming off] Just my 2 cents.
satya, it was the samba team itself that warned us, so I don't think that they consider it as feature.
Created attachment 83426 [details] samba-3.0.21c-r1 ebuild Oops... I didn't know the source of the patch. Although this ebuild (tested) is a modified version of 3.0.21c, it could be used without changes for 3.0.21{a,b} also.
Created attachment 83435 [details] samba-3.0.22 ebuild Samba 3.0.22 has just come out: it ships with the security patch, so it is a 3.0.21c with the CAN patch (from the upstream changelog, nothing else has been added). Compiled and tested (on x86). Since samba-3.0.21b was marked stable for nearly all archs, a new turn of arch tests is required for the bump.
ok, this is public now. Please commit the ebuild so that I can call arches to stable it. thanks
*** Bug 128112 has been marked as a duplicate of this bug. ***
samba 3.0.21{b,c}-r1 epatch the sources, while samba-3.0.22 ships with the patch included. All of them are in portage now. The latest stable is 3.0.21b, so the arch tests could be called for either 3.0.21b-r1 or 3.0.22 (they are equivalent in functionality). Archs affected: amd64 arm hppa ia64 ppc ppc64 s390 sh x86 (mips, sparc and alpha are a few versions behind)
Arches, please test and mark at least 3.0.21c-r1 (the one patched with epatch) stable. (3.0.22 is the new upstream release, equal functionality.) Thank you
stable on ppc64
3.0.22 marked ppc stable, also removing hppa from CC
stable on amd64
Stable on arm
x86 done
This one is ready for GLSA decision. I tend to vote no.
I tend to vote no too.
It is only for debug level 5: I vote No.
voting no and closing, as always: feel free to reopen if you disagree.