All the vulnerabilites related to likewise - likewise_open
Vulnerability from fkie_nvd
Published
2011-05-03 22:55
Modified
2024-11-21 01:27
Severity ?
Summary
lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 before build 8325, and Enterprise 6.0 before build 178, as distributed in VMware ESXi 4.1 and ESX 4.1 and possibly other products, allows remote attackers to cause a denial of service (daemon crash) via an Active Directory login attempt that provides a username containing an invalid byte sequence.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| likewise | likewise_open | 5.3 | |
| likewise | likewise_open | 6.0 | |
| likewise | likewise_open | 6.0 | |
| vmware | esx | 4.1 | |
| vmware | esxi | 4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:likewise:likewise_open:5.3:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "ED105F9A-DEE1-48E8-B929-6462CDFE16E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:likewise:likewise_open:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC251E44-5986-4A07-BEF5-F0CF9DA7F537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:likewise:likewise_open:6.0:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "3337E00D-AB69-44F8-8852-8523C0ACA97D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4D3C6FC4-DAE3-42DB-B845-593BBD2A50BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esxi:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73C9E205-87EE-4CE2-A252-DED7BB6D4EAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 before build 8325, and Enterprise 6.0 before build 178, as distributed in VMware ESXi 4.1 and ESX 4.1 and possibly other products, allows remote attackers to cause a denial of service (daemon crash) via an Active Directory login attempt that provides a username containing an invalid byte sequence."
},
{
"lang": "es",
"value": "lsassd en Likewise Open /Enterprise versi\u00f3n 5.3 anterior a build 7845, Open versi\u00f3n 6.0 anterior a build 8325, e Enterprise versi\u00f3n 6.0 anterior a build 178, tal y como es distribuido en ESXi versi\u00f3n 4.1 y ESX versi\u00f3n 4.1 de VMware y posiblemente otros productos, permite que los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo del demonio) por medio de un intento de inicio de sesi\u00f3n de Active Directory que proporciona un nombre de usuario que contiene una secuencia de bytes no v\u00e1lida."
}
],
"id": "CVE-2011-1786",
"lastModified": "2024-11-21T01:27:02.880",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-05-03T22:55:03.043",
"references": [
{
"source": "cve@mitre.org",
"url": "http://kb.vmware.com/kb/1035108"
},
{
"source": "cve@mitre.org",
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000133.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44349"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8240"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1025452"
},
{
"source": "cve@mitre.org",
"url": "http://www.likewise.com/community/index.php/forums/viewannounce/1104_27/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/517739/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/47625"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kb.vmware.com/kb/1035108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000133.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44349"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025452"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.likewise.com/community/index.php/forums/viewannounce/1104_27/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/517739/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/47625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67194"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-07-28 12:48
Modified
2024-11-21 01:13
Severity ?
Summary
The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| likewise | likewise_open | 5.4 | |
| likewise | likewise_open | 6.0 | |
| likewise | likewise_cifs | 5.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:likewise:likewise_open:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "695635C4-A067-4E4B-84B9-92185FD462B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:likewise:likewise_open:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC251E44-5986-4A07-BEF5-F0CF9DA7F537",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:likewise:likewise_cifs:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "02946748-353E-4D0D-86F0-01B7EDF86383",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses \"SetPassword logic\" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired."
},
{
"lang": "es",
"value": "La librer\u00eda pam_lsass en Likewise Open v5.4 y CIFS v5.4 y versiones anteriores a v8046, y v6.0 y versiones anteriores a v8234, usa \"SetPassword logic\" cuando se ejecuta como una parte de servicio raiz, lo que permite a atacantes remotos evitar la autenticaci\u00f3n para Likewise Security Authority (lsassd) cuya contrase\u00f1a est\u00e1 marcada como caducada."
}
],
"id": "CVE-2010-0833",
"lastModified": "2024-11-21T01:13:02.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-07-28T12:48:51.917",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://marc.info/?l=bugtraq\u0026m=129719002806096\u0026w=2"
},
{
"source": "security@ubuntu.com",
"url": "http://marc.info/?l=bugtraq\u0026m=129719002806096\u0026w=2"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40725"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40736"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43244"
},
{
"source": "security@ubuntu.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.likewise.com/community/index.php/forums/viewthread/772/"
},
{
"source": "security@ubuntu.com",
"url": "http://www.securityfocus.com/archive/1/512643/100/0/threaded"
},
{
"source": "security@ubuntu.com",
"url": "http://www.securitytracker.com/id?1025031"
},
{
"source": "security@ubuntu.com",
"url": "http://www.ubuntu.com/usn/USN-964-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1913"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0312"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=129719002806096\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=129719002806096\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.likewise.com/community/index.php/forums/viewthread/772/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/512643/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-964-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1913"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0312"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-07-27 02:55
Modified
2024-11-21 01:28
Severity ?
Summary
SQL injection vulnerability in lsassd in Lsass in the Likewise Security Authority in Likewise Open 5.4 through 6.1, and Likewise Enterprise 6.0, allows local users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| likewise | likewise_open | 5.4 | |
| likewise | likewise_open | 6.0 | |
| likewise | likewise_open | 6.0 | |
| likewise | likewise_open | 6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:likewise:likewise_open:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "695635C4-A067-4E4B-84B9-92185FD462B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:likewise:likewise_open:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC251E44-5986-4A07-BEF5-F0CF9DA7F537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:likewise:likewise_open:6.0:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "3337E00D-AB69-44F8-8852-8523C0ACA97D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:likewise:likewise_open:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "847B454D-9262-46DA-9298-E21633E9F852",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in lsassd in Lsass in the Likewise Security Authority in Likewise Open 5.4 through 6.1, and Likewise Enterprise 6.0, allows local users to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en lsassd en Lsass en la Likewise Security Authority en Likewise Open v5.4 hasta v6.1, y Likewise Enterprise v6.0, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2011-2467",
"lastModified": "2024-11-21T01:28:20.537",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-07-27T02:55:01.850",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45276"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45326"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.likewise.com/community/index.php/forums/viewannounce/1212_6/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/48816"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-1171-1"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.launchpad.net/ubuntu/+source/likewise-open/+bug/802748"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68765"
},
{
"source": "cve@mitre.org",
"url": "https://launchpadlibrarian.net/74204969/LWSA-2011-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.likewise.com/community/index.php/forums/viewannounce/1212_6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/48816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1171-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/ubuntu/+source/likewise-open/+bug/802748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://launchpadlibrarian.net/74204969/LWSA-2011-002.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2011-2467
Vulnerability from cvelistv5
Published
2011-07-27 01:29
Modified
2024-08-06 23:00
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in lsassd in Lsass in the Likewise Security Authority in Likewise Open 5.4 through 6.1, and Likewise Enterprise 6.0, allows local users to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/45276 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.ubuntu.com/usn/USN-1171-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://secunia.com/advisories/45326 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.likewise.com/community/index.php/forums/viewannounce/1212_6/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/68765 | vdb-entry, x_refsource_XF | |
| https://launchpadlibrarian.net/74204969/LWSA-2011-002.txt | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/48816 | vdb-entry, x_refsource_BID | |
| https://bugs.launchpad.net/ubuntu/+source/likewise-open/+bug/802748 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:33.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45276",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45276"
},
{
"name": "USN-1171-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1171-1"
},
{
"name": "45326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45326"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.likewise.com/community/index.php/forums/viewannounce/1212_6/"
},
{
"name": "likewise-lsassd-sql-injection(68765)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68765"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpadlibrarian.net/74204969/LWSA-2011-002.txt"
},
{
"name": "48816",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48816"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/likewise-open/+bug/802748"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in lsassd in Lsass in the Likewise Security Authority in Likewise Open 5.4 through 6.1, and Likewise Enterprise 6.0, allows local users to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "45276",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45276"
},
{
"name": "USN-1171-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1171-1"
},
{
"name": "45326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45326"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.likewise.com/community/index.php/forums/viewannounce/1212_6/"
},
{
"name": "likewise-lsassd-sql-injection(68765)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68765"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpadlibrarian.net/74204969/LWSA-2011-002.txt"
},
{
"name": "48816",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48816"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/likewise-open/+bug/802748"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2467",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in lsassd in Lsass in the Likewise Security Authority in Likewise Open 5.4 through 6.1, and Likewise Enterprise 6.0, allows local users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45276",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45276"
},
{
"name": "USN-1171-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1171-1"
},
{
"name": "45326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45326"
},
{
"name": "http://www.likewise.com/community/index.php/forums/viewannounce/1212_6/",
"refsource": "CONFIRM",
"url": "http://www.likewise.com/community/index.php/forums/viewannounce/1212_6/"
},
{
"name": "likewise-lsassd-sql-injection(68765)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68765"
},
{
"name": "https://launchpadlibrarian.net/74204969/LWSA-2011-002.txt",
"refsource": "CONFIRM",
"url": "https://launchpadlibrarian.net/74204969/LWSA-2011-002.txt"
},
{
"name": "48816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48816"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/likewise-open/+bug/802748",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/likewise-open/+bug/802748"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2467",
"datePublished": "2011-07-27T01:29:00",
"dateReserved": "2011-06-07T00:00:00",
"dateUpdated": "2024-08-06T23:00:33.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1786
Vulnerability from cvelistv5
Published
2011-05-03 22:00
Modified
2024-08-06 22:37
Severity ?
EPSS score ?
Summary
lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 before build 8325, and Enterprise 6.0 before build 178, as distributed in VMware ESXi 4.1 and ESX 4.1 and possibly other products, allows remote attackers to cause a denial of service (daemon crash) via an Active Directory login attempt that provides a username containing an invalid byte sequence.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.likewise.com/community/index.php/forums/viewannounce/1104_27/ | x_refsource_CONFIRM | |
| http://securitytracker.com/id?1025452 | vdb-entry, x_refsource_SECTRACK | |
| http://kb.vmware.com/kb/1035108 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/44349 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vmware.com/security/advisories/VMSA-2011-0007.html | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/67194 | vdb-entry, x_refsource_XF | |
| http://lists.vmware.com/pipermail/security-announce/2011/000133.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/47625 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/517739/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/8240 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.likewise.com/community/index.php/forums/viewannounce/1104_27/"
},
{
"name": "1025452",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025452"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.vmware.com/kb/1035108"
},
{
"name": "44349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44349"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html"
},
{
"name": "likewise-lsaad-dos(67194)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67194"
},
{
"name": "[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000133.html"
},
{
"name": "47625",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47625"
},
{
"name": "20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/517739/100/0/threaded"
},
{
"name": "8240",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8240"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 before build 8325, and Enterprise 6.0 before build 178, as distributed in VMware ESXi 4.1 and ESX 4.1 and possibly other products, allows remote attackers to cause a denial of service (daemon crash) via an Active Directory login attempt that provides a username containing an invalid byte sequence."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.likewise.com/community/index.php/forums/viewannounce/1104_27/"
},
{
"name": "1025452",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025452"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.vmware.com/kb/1035108"
},
{
"name": "44349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44349"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html"
},
{
"name": "likewise-lsaad-dos(67194)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67194"
},
{
"name": "[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000133.html"
},
{
"name": "47625",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47625"
},
{
"name": "20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/517739/100/0/threaded"
},
{
"name": "8240",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8240"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 before build 8325, and Enterprise 6.0 before build 178, as distributed in VMware ESXi 4.1 and ESX 4.1 and possibly other products, allows remote attackers to cause a denial of service (daemon crash) via an Active Directory login attempt that provides a username containing an invalid byte sequence."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.likewise.com/community/index.php/forums/viewannounce/1104_27/",
"refsource": "CONFIRM",
"url": "http://www.likewise.com/community/index.php/forums/viewannounce/1104_27/"
},
{
"name": "1025452",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025452"
},
{
"name": "http://kb.vmware.com/kb/1035108",
"refsource": "CONFIRM",
"url": "http://kb.vmware.com/kb/1035108"
},
{
"name": "44349",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44349"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html"
},
{
"name": "likewise-lsaad-dos(67194)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67194"
},
{
"name": "[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000133.html"
},
{
"name": "47625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47625"
},
{
"name": "20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517739/100/0/threaded"
},
{
"name": "8240",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8240"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1786",
"datePublished": "2011-05-03T22:00:00",
"dateReserved": "2011-04-19T00:00:00",
"dateUpdated": "2024-08-06T22:37:25.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0833
Vulnerability from cvelistv5
Published
2010-07-27 22:00
Modified
2024-08-07 00:59
Severity ?
EPSS score ?
Summary
The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ubuntu.com/usn/USN-964-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.securityfocus.com/archive/1/512643/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/40725 | third-party-advisory, x_refsource_SECUNIA | |
| http://marc.info/?l=bugtraq&m=129719002806096&w=2 | vendor-advisory, x_refsource_HP | |
| http://secunia.com/advisories/40736 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/43244 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1025031 | vdb-entry, x_refsource_SECTRACK | |
| http://www.likewise.com/community/index.php/forums/viewthread/772/ | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2010/1913 | vdb-entry, x_refsource_VUPEN | |
| http://marc.info/?l=bugtraq&m=129719002806096&w=2 | vendor-advisory, x_refsource_HP | |
| http://www.vupen.com/english/advisories/2011/0312 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:39.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-964-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-964-1"
},
{
"name": "20100726 [LWSA-2010-001] Likewise Open 5.4 \u0026 6.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/512643/100/0/threaded"
},
{
"name": "40725",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40725"
},
{
"name": "SSRT1000385",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129719002806096\u0026w=2"
},
{
"name": "40736",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40736"
},
{
"name": "43244",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43244"
},
{
"name": "1025031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.likewise.com/community/index.php/forums/viewthread/772/"
},
{
"name": "ADV-2010-1913",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1913"
},
{
"name": "HPSBST02630",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129719002806096\u0026w=2"
},
{
"name": "ADV-2011-0312",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0312"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses \"SetPassword logic\" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "USN-964-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-964-1"
},
{
"name": "20100726 [LWSA-2010-001] Likewise Open 5.4 \u0026 6.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/512643/100/0/threaded"
},
{
"name": "40725",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40725"
},
{
"name": "SSRT1000385",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129719002806096\u0026w=2"
},
{
"name": "40736",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40736"
},
{
"name": "43244",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43244"
},
{
"name": "1025031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.likewise.com/community/index.php/forums/viewthread/772/"
},
{
"name": "ADV-2010-1913",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1913"
},
{
"name": "HPSBST02630",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129719002806096\u0026w=2"
},
{
"name": "ADV-2011-0312",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0312"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2010-0833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses \"SetPassword logic\" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-964-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-964-1"
},
{
"name": "20100726 [LWSA-2010-001] Likewise Open 5.4 \u0026 6.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512643/100/0/threaded"
},
{
"name": "40725",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40725"
},
{
"name": "SSRT1000385",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=129719002806096\u0026w=2"
},
{
"name": "40736",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40736"
},
{
"name": "43244",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43244"
},
{
"name": "1025031",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025031"
},
{
"name": "http://www.likewise.com/community/index.php/forums/viewthread/772/",
"refsource": "CONFIRM",
"url": "http://www.likewise.com/community/index.php/forums/viewthread/772/"
},
{
"name": "ADV-2010-1913",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1913"
},
{
"name": "HPSBST02630",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=129719002806096\u0026w=2"
},
{
"name": "ADV-2011-0312",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0312"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2010-0833",
"datePublished": "2010-07-27T22:00:00",
"dateReserved": "2010-03-03T00:00:00",
"dateUpdated": "2024-08-07T00:59:39.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}