CVE-2010-0833 Information

Description

The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046 and 6.0 before build 8234 as used in HP StorageWorks X9000 Network Storage Systems and possibly other products uses \SetPassword logic\ when running as part of a root service which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired.

Reference

http://marc.info/?l=bugtraq&m=129719002806096&w=2 http://secunia.com/advisories/40725 http://secunia.com/advisories/40736 http://secunia.com/advisories/43244 http://www.likewise.com/community/index.php/forums/viewthread/772/ http://www.securityfocus.com/archive/1/512643/100/0/threaded http://www.securitytracker.com/id?1025031 http://www.ubuntu.com/usn/USN-964-1 http://www.vupen.com/english/advisories/2010/1913 http://www.vupen.com/english/advisories/2011/0312