CVE-2010-0833
First published: Tue Jul 27 2010(Updated: )
The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired.
Credit: security@ubuntu.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Likewise Open | =5.4 | |
| Likewise Open | =6.0 | |
| Likewise CIFS | =5.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.vupen.com/english/advisories/2010/1913
- http://secunia.com/advisories/40736
- http://www.likewise.com/community/index.php/forums/viewthread/772/
- http://secunia.com/advisories/40725
- http://www.ubuntu.com/usn/USN-964-1
- http://secunia.com/advisories/43244
- http://www.securitytracker.com/id?1025031
- http://www.vupen.com/english/advisories/2011/0312
- http://marc.info/?l=bugtraq&m=129719002806096&w=2
- http://www.securityfocus.com/archive/1/512643/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2010-0833?
CVE-2010-0833 has a high severity level due to its potential for allowing remote attackers to bypass authentication.
How do I fix CVE-2010-0833?
Fix CVE-2010-0833 by upgrading Likewise Open to version 5.4 build 8046, 6.0 build 8234, or later.
Which systems are impacted by CVE-2010-0833?
CVE-2010-0833 affects Likewise Open 5.4, Likewise Open 6.0, and Likewise CIFS 5.4 on HP StorageWorks X9000 Network Storage Systems and similar products.
What actions should I take if I am using vulnerable software related to CVE-2010-0833?
If using vulnerable software, immediately apply the recommended upgrades to mitigate the risk associated with CVE-2010-0833.
Is CVE-2010-0833 exploitable over the network?
Yes, CVE-2010-0833 is exploitable over the network, which poses a significant security risk.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/likewise
- canonical/likewise open
- version/likewise open/5.4
- version/likewise open/6.0
- canonical/likewise cifs
- version/likewise cifs/5.4