CVSS: 5.8 | EPSS: 0% | CPEs: 4 | EXPL: 0

SQL injection vulnerability in lsassd in Lsass in the Likewise Security Authority in Likewise Open 5.4 through 6.1, and Likewise Enterprise 6.0, allows local users to execute arbitrary SQL commands via unspecified vectors.

• http://secunia.com/advisories/45276
• http://secunia.com/advisories/45326
• http://www.likewise.com/community/index.php/forums/viewannounce/1212_6
• http://www.securityfocus.com/bid/48816
• http://www.ubuntu.com/usn/USN-1171-1
• https://bugs.launchpad.net/ubuntu/+source/likewise-open/+bug/802748
• https://exchange.xforce.ibmcloud.com/vulnerabilities/68765
• https://launchpadlibrarian.net/74204969/LWSA-2011-002.txt
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.0 | EPSS: 5% | CPEs: 5 | EXPL: 0

lsassd in Likewise Open/Enterprise 5.3 before build 7845, Open 6.0 before build 8325, and Enterprise 6.0 before build 178, as distributed in VMware ESXi 4.1 and ESX 4.1 and possibly other products, allows remote attackers to cause a denial of service (daemon crash) via an Active Directory login attempt that provides a username containing an invalid byte sequence.

• http://kb.vmware.com/kb/1035108
• http://lists.vmware.com/pipermail/security-announce/2011/000133.html
• http://secunia.com/advisories/44349
• http://securityreason.com/securityalert/8240
• http://securitytracker.com/id?1025452
• http://www.likewise.com/community/index.php/forums/viewannounce/1104_27
• http://www.securityfocus.com/archive/1/517739/100/0/threaded
• http://www.securityfocus.com/bid/47625
• http://www.vmware.com/security/advisories/VMSA-2011-0007.html
• https://exchange.xforce.ibmcloud
• CWE-399: Resource Management Errors

CVSS: 9.3 | EPSS: 1% | CPEs: 3 | EXPL: 0

The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired.

• http://marc.info/?l=bugtraq&m=129719002806096&w=2
• http://secunia.com/advisories/40725
• http://secunia.com/advisories/40736
• http://secunia.com/advisories/43244
• http://www.likewise.com/community/index.php/forums/viewthread/772
• http://www.securityfocus.com/archive/1/512643/100/0/threaded
• http://www.securitytracker.com/id?1025031
• http://www.ubuntu.com/usn/USN-964-1
• http://www.vupen.com/english/advisories/2010/1913
• http://www.vupen.com/english/advisories/2011/0312
• CWE-287: Improper Authentication