author: Gerald Carter <jerry@samba.org> 2006-03-30 14:22:08 +0000
committer: Gerald Carter <jerry@samba.org> 2006-03-30 14:22:08 +0000
commit: 160f2a3ea700c763b2e0d7753f393e677c5b8f54
tree: f2e1bdc682148a33626bfa1feea047f8838cb0f9 /WHATSNEW.txt
parent: 4a478f189aa658a80daf8a6dfa2c99a41b5476d6
r14823: committing changes for 3.0.22 (tag: samba-3.0.22)
Diffstat (limited to 'WHATSNEW.txt')
-rw-r--r-- WHATSNEW.txt 47
1 files changed, 39 insertions, 8 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index ff6f03a7cb8..fdcfc6045d0 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,13 +1,47 @@
+ ==============================
+ Release Notes for Samba 3.0.22
+ Mar 30, 2006
+ ==============================
+
+This is a security release of Samba. The Samba 3.0.21 release
+series (including the patch releases a through c) has been
+discovered to expose the clear text of the server's machine
+account credentials in the winbind log files when the log
+level is set to 5 or higher. This defect has been assigned
+the CVE number CAN-2006-1059.
+
+Summary
+=======
+
+The machine trust account password is the secret shared
+between a domain controller and a specific member server.
+Access to the member server machine credentials allows
+an attacker to impersonate the server in the domain and
+gain access to additional information regarding domain
+users and groups.
+
+The winbindd daemon included in Samba 3.0.21 and subsequent
+patch releases (3.0.21a-c) writes the clear text of server's
+machine credentials to its log file at level 5. The winbindd
+log files are world readable by default and often log files
+are requested on open mailing lists as tools used to debug
+server misconfigurations.
+
+This affects servers configured to use domain or ads security
+and possibly Samba domain controllers as well (if configured
+to use winbindd).
+
+=======
+
+Release Notes for older release follow:
+
+ --------------------------------------------------
+
===============================
Release Notes for Samba 3.0.21c
Feb 24, 2006
===============================
-This is the latest stable release of Samba. This is the version
-that production Samba servers should be running for all current
-bug-fixes. Please read the following important changes in this
-release.
-
Common bugs fixed in 3.0.21c include:
o Access checks when deleting printer driver meta-data.
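Review bot: The added 3.0.22 text describes the exposure (winbindd writing the clear text of the machine account credentials to log files that are world readable by default) but never says what 3.0.22 changes or what an administrator should do about logs already written by 3.0.21 through 3.0.21c. Since the Summary itself notes that these logs are often requested on open mailing lists, add a short paragraph after "This affects servers configured to use domain or ads security ..." that states the fix and advises removing or restricting existing winbindd logs captured at the affected log level and changing the machine trust account password. Two smaller points in the same block: the opening paragraph says "log level is set to 5 or higher" while the Summary says "at level 5", so pick one wording; and the bare "=======" line after the "This affects servers" paragraph has no heading above it and reads like a leftover underline.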
@@ -122,9 +156,6 @@ o Qiao Yang <qyang@stbernard.com>
connection code in winbindd.
-
-Release Notes for older release follow:
-
--------------------------------------------------
===============================
Release Notes for Samba 3.0.21b
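Review bot: The heading removed here, "Release Notes for older release follow:", is re-added unchanged above the 3.0.21c section in the first hunk. Since the line is being moved anyway, correct it there to "Release Notes for older releases follow:" rather than carrying the singular form forward.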