
Likewise Open 5.4 & 6.0


Likewise Security Advisory                      LWSA-2010-001

Package     : Likewise Open
Service     : Likewise Security Authority (lsassd)
Date        : 26-July-2010
Platform(s) : Linux, OS X, Solaris, HP-UX, AIX, FreeBSD
Versions    : Likewise Open 5.4 (prior to build 8046)
              Likewise-CIFS 5.4 (prior to build 8046)
              Likewise Open 6.0 (prior to build 8234)
CVE(s)      : CVE-2010-0833


Description:

  A logic flaw has been found in the pam_lsass library that,
  when it runs in the context of a root service (sshd, gdm,
  and the like), allows any user to log on as an lsassd
  local-provider account (e.g. MACHINE\Administrator) whose
  password is marked as expired.  The cause is that pam_lsass
  takes the SetPassword (administrative reset) path whenever
  the calling process has uid 0.  An expired-password change
  driven by a root-run login service therefore never requires
  the unauthenticated user to validate against the existing
  password before a new one is set, so the attacker simply
  chooses a new password and is logged in.

  All Likewise Open users are encouraged to upgrade to the
  latest released packages for their version, or to employ
  the workaround below until an upgrade can be performed.

  This defect was first reported by Matt Weatherford from
  the University of Washington.  Our thanks to Matt for
  helping improve Likewise Open.


Workaround:

  Explicitly disabling MACHINE\Administrator (and any other
  lsassd local-provider account not in use) prevents the
  unauthorized access.  Run the following command as the
  local superuser, replacing MACHINE with the hostname of the
  local system:

    $ lw-mod-user --disable-user "MACHINE\Administrator"

  Verify that the account is disabled with the
  lw-find-user-by-name command; the output should contain the
  line shown:

    $ lw-find-user-by-name --level 2 "MACHINE\Administrator"
    Account disabled (or locked): TRUE

  Note that this only protects accounts you can afford to
  disable.  Any local-provider account that must remain
  enabled is still exposed while its password is expired,
  until the updated packages are installed.
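The flaw described above, and the effect of the disable-account workaround, as an added model in C. This is illustrative code written for this page, not Likewise's pam_lsass source: the account structure, the `chauthtok_vulnerable`/`chauthtok_fixed` functions and the sample credentials are invented for the example. The one real element is PAM_CHANGE_EXPIRED_AUTHTOK, the flag PAM passes to a module's pam_sm_chauthtok when it is changing an expired password as part of a login; the hardened variant, which refuses to skip old-password verification for such a change even when the caller is root, is one plausible way to close the hole and is an assumption, not Likewise's actual patch.

```c
/*
 * Added model of the CVE-2010-0833 logic flaw (not Likewise code).
 * Account storage, function names and sample secrets are invented.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Flag PAM passes to pam_sm_chauthtok when it is changing an expired
 * password during login (same value as in <security/pam_modules.h>). */
#define PAM_CHANGE_EXPIRED_AUTHTOK 0x0020

struct account {
    const char *name;
    const char *password;  /* stored secret; constructed sample data */
    bool expired;
    bool disabled;
};

enum result { CHANGED, REJECTED_OLD_PASSWORD, REJECTED_DISABLED };

static bool old_password_ok(const struct account *acct, const char *old_pw)
{
    return old_pw != NULL && strcmp(old_pw, acct->password) == 0;
}

/* Vulnerable shape: when the calling process runs as root (sshd, gdm, ...)
 * the SetPassword path is taken and the old password is never checked,
 * regardless of why the password is being changed. */
enum result chauthtok_vulnerable(struct account *acct, unsigned caller_uid,
                                 int flags, const char *old_pw, const char *new_pw)
{
    (void)flags;  /* the flaw: the reason for the change is ignored */
    if (acct->disabled)
        return REJECTED_DISABLED;
    if (caller_uid != 0 && !old_password_ok(acct, old_pw))
        return REJECTED_OLD_PASSWORD;
    acct->password = new_pw;
    acct->expired = false;
    return CHANGED;
}

/* One hardened shape (an assumption, not Likewise's patch): a root caller
 * may skip old-password verification only for an administrative reset; an
 * expired-password change at login always verifies the old password. */
enum result chauthtok_fixed(struct account *acct, unsigned caller_uid,
                            int flags, const char *old_pw, const char *new_pw)
{
    if (acct->disabled)
        return REJECTED_DISABLED;
    bool admin_reset = caller_uid == 0 && !(flags & PAM_CHANGE_EXPIRED_AUTHTOK);
    if (!admin_reset && !old_password_ok(acct, old_pw))
        return REJECTED_OLD_PASSWORD;
    acct->password = new_pw;
    acct->expired = false;
    return CHANGED;
}

/* Replays the advisory's scenario: an attacker who does not know the
 * password hits an expired local-provider account through a root-run
 * service (caller uid 0).  `disabled` models the workaround
 * (lw-mod-user --disable-user). */
enum result scenario(bool use_fixed, bool disabled)
{
    struct account admin = { "MACHINE\\Administrator", "correct-horse", true, disabled };
    const char *guess = "wrong";         /* attacker's (bad) old password */
    const char *attacker_new = "pwned";  /* password the attacker wants set */
    return use_fixed
        ? chauthtok_fixed(&admin, 0, PAM_CHANGE_EXPIRED_AUTHTOK, guess, attacker_new)
        : chauthtok_vulnerable(&admin, 0, PAM_CHANGE_EXPIRED_AUTHTOK, guess, attacker_new);
}

int main(void)
{
    static const char *names[] = { "CHANGED", "REJECTED_OLD_PASSWORD", "REJECTED_DISABLED" };
    printf("vulnerable, account enabled : %s\n", names[scenario(false, false)]);
    printf("vulnerable, account disabled: %s\n", names[scenario(false, true)]);
    printf("fixed, account enabled      : %s\n", names[scenario(true, false)]);
    return 0;
}
```

The first run shows the bug: with the account enabled, the vulnerable path accepts the attacker's new password without ever comparing the old one. Disabling the account short-circuits both variants before any password logic runs, which is exactly why the workaround holds; the fixed variant rejects the attempt on the old-password check even with the account enabled.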

Updated Packages:

  New packages for both Likewise Open 5.4 and Likewise Open
  6.0 have been made available from

Likewise Security Team security@likewise.com 


