CVE-2010-0833

Publication date 26 July 2010

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired.

From the Ubuntu Security Team

Matt Weatherford discovered that Likewise Open did not correctly check password expiration for the local-provider account. A local attacker could exploit this to log into a system they would otherwise not have access to.

Status

Package Ubuntu Release Status
likewise-open 10.04 LTS lucid
Fixed 5.4.0.42111-2ubuntu1.1
9.10 karmic
Not affected
9.04 jaunty
Not affected
8.04 LTS hardy
Not affected
6.06 LTS dapper Not in release

References

Related Ubuntu Security Notices (USN)

    • USN-964-1
    • Likewise Open vulnerability
    • 26 July 2010

Other references