9.3

CVE-2010-0833

EPSS 1.23%
Veröffentlicht 28.07.2010 12:48:51
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle security@ubuntu.com
Teams Watchlist Login
Unerledigt Login

The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Likewise ≫ Likewise Open Version5.4

Likewise ≫ Likewise Open Version6.0

Likewise ≫ Likewise Cifs Version5.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.23%	0.773

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://marc.info/?l=bugtraq&m=129719002806096&w=2

http://secunia.com/advisories/40725

Vendor Advisory

http://secunia.com/advisories/40736

Vendor Advisory

http://secunia.com/advisories/43244

Vendor Advisory

http://www.likewise.com/community/index.php/forums/viewthread/772/

Patch

Vendor Advisory

http://www.securityfocus.com/archive/1/512643/100/0/threaded

http://www.securitytracker.com/id?1025031

http://www.ubuntu.com/usn/USN-964-1

http://www.vupen.com/english/advisories/2010/1913

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0312

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2010-0833

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-0833

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-0833

EUVD