9.3
CVE-2010-0833
- EPSS 4.14%
- Veröffentlicht 28.07.2010 12:48:51
- Zuletzt bearbeitet 16.06.2026 23:16:55
- Quelle security@ubuntu.com
- CVE-Watchlists
- Unerledigt
The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Likewise ≫ Likewise Open Version5.4
Likewise ≫ Likewise Open Version6.0
Likewise ≫ Likewise Cifs Version5.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.14% | 0.895 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://marc.info/?l=bugtraq&m=129719002806096&w=2
http://secunia.com/advisories/40725
http://secunia.com/advisories/40736
http://secunia.com/advisories/43244
http://www.likewise.com/community/index.php/forums/viewthread/772/
http://www.securityfocus.com/archive/1/512643/100/0/threaded
http://www.securitytracker.com/id?1025031
http://www.ubuntu.com/usn/USN-964-1
http://www.vupen.com/english/advisories/2010/1913
http://www.vupen.com/english/advisories/2011/0312