9.3

CVE-2010-0833

The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LikewiseLikewise Open Version5.4
LikewiseLikewise Open Version6.0
LikewiseLikewise Cifs Version5.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.14% 0.895
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://marc.info/?l=bugtraq&m=129719002806096&w=2
http://secunia.com/advisories/40725
Vendor Advisory
http://secunia.com/advisories/40736
Vendor Advisory
http://secunia.com/advisories/43244
Vendor Advisory
http://www.likewise.com/community/index.php/forums/viewthread/772/
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/512643/100/0/threaded
http://www.securitytracker.com/id?1025031
http://www.ubuntu.com/usn/USN-964-1
http://www.vupen.com/english/advisories/2010/1913
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0312
Vendor Advisory