Likewise Open 5.4 & 6.0 Multiple Vulns

Credit: Gerald Carter
Risk: High
Local: No
Remote: Yes
CWE: CWE-287

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

_____________________________________________________________

Likewise Security Advisory LWSA-2010-001
_____________________________________________________________

Package     : Likewise Open
Service     : Likewise Security Authority (lsassd)
Date        : 26-July-2010
Platform(s) : Linux, OS X, Solaris, HP-UX, AIX, FreeBSD
Versions    : Likewise Open 5.4 (prior to build 8046)
              Likewise-CIFS 5.4 (prior to build 8046)
              Likewise Open 6.0 (prior to build 8234)
CVE(s)      : CVE-2010-0833
_____________________________________________________________

Summary:

A logic flaw has been found in the pam_lsass library that, when run under the context of a root service (e.g. sshd, gdm, etc.), will allow any user to logon as a lsassd local-provider account (e.g. MACHINE\Administrator) if the account's password is marked as expired. The cause is that the pam_lsass library uses SetPassword logic when detecting that the uid is 0 therefore not requiring that the intruder validate against the expired password before being allowed to specify a new password.

All Likewise Open users are encouraged to upgrade to the latest released packages for their version or to employ the stated workaround until such a time when an upgrade may be performed.

This defect was first reported by Matt Weatherford from the University of Washington. Our thanks to Matt for helping improve Likewise Open.
_____________________________________________________________

Workaround:

Explicitly disabling the MACHINE\Administrator (or any other lsassd local-provider accounts not in use) will prevent unauthorized access. This may be done by running the following command as the local superuser. Replace <MACHINE> with the hostname of the local system

    $ lw-mod-user --disable-user "<MACHINE>\Administrator"

You may verify that the account is disabled by running the lw-find-user-by-name command

    $ lw-find-user-by-name --level 2 "MACHINE\Administrator"
    ...
    Account disabled (or locked): TRUE
_____________________________________________________________

Updated Packages:

New packages for both Likewise Open 5.4 and Likewise Open 6.0 have been made available from
_____________________________________________________________

Likewise Security Team
security (at) likewise (dot) com
_____________________________________________________________
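
The logic flaw described in the advisory's summary, reduced to a simplified C model. This is an added example, not pam_lsass source code: the struct, the function names and the plain-text password compare are assumptions made for illustration, and the hardened variant shows one possible correction, not necessarily the fix shipped in the updated packages.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed model of a local-provider account (not Likewise's data structures). */
struct account {
    const char *name;
    char password[32];
    bool expired;
};

/* Check a candidate against the stored password (plain compare: model only). */
static bool verify_password(const struct account *a, const char *candidate)
{
    return candidate != NULL && strcmp(a->password, candidate) == 0;
}

static void store_password(struct account *a, const char *new_pw)
{
    strncpy(a->password, new_pw, sizeof a->password - 1);
    a->password[sizeof a->password - 1] = '\0';
    a->expired = false;
}

/* Flawed decision: uid 0 is read as "an administrator is resetting the
 * password", but sshd or gdm also run as root on behalf of a remote user. */
bool change_expired_flawed(struct account *a, unsigned caller_uid,
                           const char *old_pw, const char *new_pw)
{
    if (caller_uid != 0 && !verify_password(a, old_pw))
        return false;
    store_password(a, new_pw);   /* reached with no proof of the old password */
    return true;
}

/* Hardened decision: a change forced by expiry during login always proves
 * knowledge of the current password, whatever uid the host process has. */
bool change_expired_hardened(struct account *a, unsigned caller_uid,
                             const char *old_pw, const char *new_pw)
{
    (void)caller_uid;            /* process uid says nothing about the end user */
    if (!verify_password(a, old_pw))
        return false;
    store_password(a, new_pw);
    return true;
}
```

In this model a genuine administrative reset would need its own explicitly authorised code path, kept separate from the login-time expiry flow.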

