PT-2010-2557 · Likewise · Likewise Open+1
Matt Weatherford
·
Publicado
2010-07-27
·
Atualizado
2018-10-10
·
CVE-2010-0833
CVSS v2.0
9.3
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Likewise Open versions 5.4 through 5.4 before build 8046
Likewise Open versions 6.0 through 6.0 before build 8234
CIFS versions 5.4 through 5.4 before build 8046
CIFS versions 6.0 through 6.0 before build 8234
Description
The issue allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired, due to the use of "SetPassword logic" when running as part of a root service.
Recommendations
For Likewise Open versions 5.4 through 5.4 before build 8046, update to build 8046 or later.
For Likewise Open versions 6.0 through 6.0 before build 8234, update to build 8234 or later.
For CIFS versions 5.4 through 5.4 before build 8046, update to build 8046 or later.
For CIFS versions 6.0 through 6.0 before build 8234, update to build 8234 or later.
Correção
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cifs
Likewise Open