Launchpad.net

CVE 2010-0833

The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired.

Related bugs and status

CVE-2010-0833 (Candidate) is related to these bugs:

Bug #534629: AssumeDefaultDomain does not work

		In	Importance	Status
534629	AssumeDefaultDomain does not work	likewise-open (Ubuntu)	Medium	Fix Committed
534629	AssumeDefaultDomain does not work	likewise-open (Ubuntu Lucid)	Undecided	Won't Fix
534629	AssumeDefaultDomain does not work	likewise-open (Ubuntu Maverick)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.likewise.co...
UBUNTU: USN-964-1
SECUNIA: 40725
SECUNIA: 40736
VUPEN: ADV-2010-1913
SECTRACK: 1025031
SECUNIA: 43244
VUPEN: ADV-2011-0312
HP: HPSBST02630
HP: SSRT1000385
BUGTRAQ: 20100726 [LWSA-2010-00...