|
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_____________________________________________________________
Likewise Security Advisory LWSA-2010-001
http://www.likewise.com/
_____________________________________________________________
Package : Likewise Open
Service : Likewise Security Authority (lsassd)
Date : 26-July-2010
Platform(s) : Linux, OS X, Solaris, HP-UX, AIX, FreeBSD
Versions : Likewise Open 5.4 (prior to build 8046)
Likewise-CIFS 5.4 (prior to build 8046)
Likewise Open 6.0 (prior to build 8234)
CVE(s) : CVE-2010-0833
_____________________________________________________________
Summary:
A logic flaw has been found in the pam_lsass library that,
when run under the context of a root service (e.g. sshd,
gdm, etc.), will allow any user to logon as a lsassd
local-provider account (e.g. MACHINE\Administrator) if
the account's password is marked as expired. The cause
is that the pam_lsass library uses SetPassword logic when
detecting that the uid is 0 therefore not requiring
that the intruder validate against the expired password
before being allowed to specify a new password.
All Likewise Open users are encouraged to upgrade to
the latest released packages for their version or to
to employ the stated workaround until such a time when
an upgrade may be performed.
This defect was first reported by Matt Weatherford from
the University of Washington. Our thanks to Matt for
helping improve Likewise Open.
_____________________________________________________________
Workaround:
Explicitly disabling the MACHINE\Administrator (or any
other lsassd local-provider accounts not in use) will
prevent unauthorized access. This may be done by running
the following command as the local superuser. Replace