Lucene search

K
ubuntuUbuntuUSN-964-1
HistoryJul 26, 2010 - 12:00 a.m.

Likewise Open vulnerability

2010-07-2600:00:00
ubuntu.com
27

6.2 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.012 Low

EPSS

Percentile

85.1%

Releases

  • Ubuntu 10.04

Packages

  • likewise-open - Authentication services for Active Directory Domains

Details

Matt Weatherford discovered that Likewise Open did not correctly check
password expiration for the local-provider account. A local attacker could
exploit this to log into a system they would otherwise not have access to.

OSVersionArchitecturePackageVersionFilename
Ubuntu10.04noarchlikewise-open5-lsass< 5.4.0.42111-2ubuntu1.1UNKNOWN
Ubuntu10.04noarchlikewise-open< 5.4.0.42111-2ubuntu1.1UNKNOWN
Ubuntu10.04noarchlikewise-open-gui< 5.4.0.42111-2ubuntu1.1UNKNOWN
Ubuntu10.04noarchlikewise-open-server< 5.4.0.42111-2ubuntu1.1UNKNOWN

6.2 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.012 Low

EPSS

Percentile

85.1%

Related for USN-964-1