Vulnerability Description
The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Likewise | Likewise Open | 5.4 |
| Likewise | Likewise Cifs | 5.4 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=129719002806096&w=2
- http://secunia.com/advisories/40725Vendor Advisory
- http://secunia.com/advisories/40736Vendor Advisory
- http://secunia.com/advisories/43244Vendor Advisory
- http://www.likewise.com/community/index.php/forums/viewthread/772/PatchVendor Advisory
- http://www.securityfocus.com/archive/1/512643/100/0/threaded
- http://www.securitytracker.com/id?1025031
- http://www.ubuntu.com/usn/USN-964-1
- http://www.vupen.com/english/advisories/2010/1913Vendor Advisory
- http://www.vupen.com/english/advisories/2011/0312Vendor Advisory
- http://marc.info/?l=bugtraq&m=129719002806096&w=2
- http://secunia.com/advisories/40725Vendor Advisory
- http://secunia.com/advisories/40736Vendor Advisory
- http://secunia.com/advisories/43244Vendor Advisory
- http://www.likewise.com/community/index.php/forums/viewthread/772/PatchVendor Advisory
FAQ
What is CVE-2010-0833?
CVE-2010-0833 is a vulnerability with a CVSS score of 9.3 (HIGH). The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPas...
How severe is CVE-2010-0833?
CVE-2010-0833 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0833?
Check the references section above for vendor advisories and patch information. Affected products include: Likewise Likewise Open, Likewise Likewise Cifs.