CVE-2010-0833

Sažetak

The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired.

Reference

http://marc.info/?l=bugtraq&m=129719002806096&w=2
http://secunia.com/advisories/40725
http://secunia.com/advisories/40736
http://secunia.com/advisories/43244
http://www.likewise.com/community/index.php/forums/viewthread/772/
http://www.securityfocus.com/archive/1/512643/100/0/threaded
http://www.securitytracker.com/id?1025031
http://www.ubuntu.com/usn/USN-964-1
http://www.vupen.com/english/advisories/2010/1913
http://www.vupen.com/english/advisories/2011/0312

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

10-10-2018 - 19:53

Objavljeno

28-07-2010 - 12:48