Likewise users, please be advised that a vulnerability in Likewise Open 5.4 & 6.0 has been identified: Likewise Security Advisory LWSA-2010-001.
To view this vulnerability, possible remedies, and other advisories, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).
Amplify’d from www.criticalwatch.com
LWSA-2010-001: Likewise Open 5.4 & 6.0
Likewise Security Advisory
Summary:
A logic flaw has been found in the pam_lsass library that,
when run under the context of a root service (e.g. sshd,
gdm, etc.), will allow any user to log on as an lsassd
local-provider account (e.g. MACHINE\Administrator) if
the account's password is marked as expired. The cause
is that the pam_lsass library uses SetPassword logic when
detecting that the uid is 0, therefore not requiring
that the intruder validate against the expired password
before being allowed to specify a new password.
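A simplified C model of the logic flaw described in the summary, added here as an illustration. It is not code from pam_lsass or from the advisory; the struct, the function names and the plaintext comparison are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a local-provider account; not Likewise's data structure. */
struct account {
    const char *name;
    char password[64];   /* stand-in for a stored credential verifier */
    bool expired;
};

/* Hypothetical helper: true if `supplied` matches the stored credential. */
static bool verify_password(const struct account *a, const char *supplied) {
    return supplied != NULL && strcmp(a->password, supplied) == 0;
}

/* Hypothetical helper: store the new credential and clear the expiry flag. */
static void store_password(struct account *a, const char *new_pw) {
    snprintf(a->password, sizeof a->password, "%s", new_pw);
    a->expired = false;
}

/* Flawed pattern from the summary: the uid of the *process* (0 for sshd, gdm)
 * selects the administrative set-password path, so the expired password is
 * never checked. */
bool change_expired_flawed(struct account *a, unsigned process_uid,
                           const char *old_pw, const char *new_pw) {
    if (process_uid == 0) {            /* service runs as root, user is not */
        store_password(a, new_pw);
        return true;
    }
    if (!verify_password(a, old_pw)) return false;
    store_password(a, new_pw);
    return true;
}

/* Hardened pattern: an expiry-driven change during logon always proves
 * knowledge of the current password, whatever uid the service runs under. */
bool change_expired_checked(struct account *a, unsigned process_uid,
                            const char *old_pw, const char *new_pw) {
    (void)process_uid;                 /* not evidence of who is logging on */
    if (!verify_password(a, old_pw)) return false;
    store_password(a, new_pw);
    return true;
}
```

The model covers only the expiry-driven change during logon; a genuine administrator reset is a separate path that should be authorized on the identity of the requesting user, not on the uid of the service process.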
