ID CVE-2011-0002
Summary libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values.
References
Vulnerable Configurations
  • cpe:2.3:a:miloslav_trmac:libuser:0.56.18
  • cpe:2.3:a:miloslav_trmac:libuser:0.56.17
  • cpe:2.3:a:miloslav_trmac:libuser:0.56.16
  • cpe:2.3:a:miloslav_trmac:libuser:0.56.15
  • cpe:2.3:a:miloslav_trmac:libuser:0.56.14
  • cpe:2.3:a:miloslav_trmac:libuser:0.56.13
  • cpe:2.3:a:miloslav_trmac:libuser:0.56.12
  • cpe:2.3:a:miloslav_trmac:libuser:0.56.11
  • cpe:2.3:a:miloslav_trmac:libuser:0.56.10
  • cpe:2.3:a:miloslav_trmac:libuser:0.56.9
  • cpe:2.3:a:miloslav_trmac:libuser:0.56.8
  • cpe:2.3:a:miloslav_trmac:libuser:0.56.7
  • cpe:2.3:a:miloslav_trmac:libuser:0.56.6
  • cpe:2.3:a:miloslav_trmac:libuser:0.56.5
  • cpe:2.3:a:miloslav_trmac:libuser:0.56.4
  • cpe:2.3:a:miloslav_trmac:libuser:0.56.3
  • cpe:2.3:a:miloslav_trmac:libuser:0.56.2
  • cpe:2.3:a:miloslav_trmac:libuser:0.56.1
  • cpe:2.3:a:miloslav_trmac:libuser:0.56
  • cpe:2.3:a:miloslav_trmac:libuser:0.55
  • cpe:2.3:a:miloslav_trmac:libuser:0.54.8
  • cpe:2.3:a:miloslav_trmac:libuser:0.54.7
  • cpe:2.3:a:miloslav_trmac:libuser:0.54.6
  • cpe:2.3:a:miloslav_trmac:libuser:0.54.5
  • cpe:2.3:a:miloslav_trmac:libuser:0.54.4
  • cpe:2.3:a:miloslav_trmac:libuser:0.54.3
  • cpe:2.3:a:miloslav_trmac:libuser:0.54.2
  • cpe:2.3:a:miloslav_trmac:libuser:0.54.1
  • cpe:2.3:a:miloslav_trmac:libuser:0.54
  • cpe:2.3:a:miloslav_trmac:libuser:0.53.8
  • cpe:2.3:a:miloslav_trmac:libuser:0.53.7
  • cpe:2.3:a:miloslav_trmac:libuser:0.53.6
  • cpe:2.3:a:miloslav_trmac:libuser:0.53.5
  • cpe:2.3:a:miloslav_trmac:libuser:0.53.4
  • cpe:2.3:a:miloslav_trmac:libuser:0.53.3
  • cpe:2.3:a:miloslav_trmac:libuser:0.53.2
  • cpe:2.3:a:miloslav_trmac:libuser:0.53.1
  • cpe:2.3:a:miloslav_trmac:libuser:0.53
  • cpe:2.3:a:miloslav_trmac:libuser:0.52.6
  • cpe:2.3:a:miloslav_trmac:libuser:0.52.5
  • cpe:2.3:a:miloslav_trmac:libuser:0.52.4
  • cpe:2.3:a:miloslav_trmac:libuser:0.52.3
  • cpe:2.3:a:miloslav_trmac:libuser:0.52.2
  • cpe:2.3:a:miloslav_trmac:libuser:0.52.1
  • cpe:2.3:a:miloslav_trmac:libuser:0.52
  • cpe:2.3:a:miloslav_trmac:libuser:0.51.12
  • cpe:2.3:a:miloslav_trmac:libuser:0.51.11
  • cpe:2.3:a:miloslav_trmac:libuser:0.51.10
  • cpe:2.3:a:miloslav_trmac:libuser:0.51.9
  • cpe:2.3:a:miloslav_trmac:libuser:0.51.8
  • cpe:2.3:a:miloslav_trmac:libuser:0.51.7-7
  • cpe:2.3:a:miloslav_trmac:libuser:0.51.7-3
  • cpe:2.3:a:miloslav_trmac:libuser:0.51.7
  • cpe:2.3:a:miloslav_trmac:libuser:0.51.6
  • cpe:2.3:a:miloslav_trmac:libuser:0.51.5
  • cpe:2.3:a:miloslav_trmac:libuser:0.51.4
  • cpe:2.3:a:miloslav_trmac:libuser:0.51.2
  • cpe:2.3:a:miloslav_trmac:libuser:0.51.1-2
  • cpe:2.3:a:miloslav_trmac:libuser:0.51.1-1
  • cpe:2.3:a:miloslav_trmac:libuser:0.51
  • cpe:2.3:a:miloslav_trmac:libuser:0.50.2
  • cpe:2.3:a:miloslav_trmac:libuser:0.50
  • cpe:2.3:a:miloslav_trmac:libuser:0.49.102
  • cpe:2.3:a:miloslav_trmac:libuser:0.49.101-2
  • cpe:2.3:a:miloslav_trmac:libuser:0.49.101-1
  • cpe:2.3:a:miloslav_trmac:libuser:0.49.100
  • cpe:2.3:a:miloslav_trmac:libuser:0.49.99
  • cpe:2.3:a:miloslav_trmac:libuser:0.49.98
  • cpe:2.3:a:miloslav_trmac:libuser:0.49.97
  • cpe:2.3:a:miloslav_trmac:libuser:0.49.96
  • cpe:2.3:a:miloslav_trmac:libuser:0.49.95
  • cpe:2.3:a:miloslav_trmac:libuser:0.49.93
  • cpe:2.3:a:miloslav_trmac:libuser:0.49.92
  • cpe:2.3:a:miloslav_trmac:libuser:0.49.91
  • cpe:2.3:a:miloslav_trmac:libuser:0.49.90
  • cpe:2.3:a:miloslav_trmac:libuser:0.32
  • cpe:2.3:a:miloslav_trmac:libuser:0.31
  • cpe:2.3:a:miloslav_trmac:libuser:0.30
  • cpe:2.3:a:miloslav_trmac:libuser:0.29
  • cpe:2.3:a:miloslav_trmac:libuser:0.28
  • cpe:2.3:a:miloslav_trmac:libuser:0.27
  • cpe:2.3:a:miloslav_trmac:libuser:0.26
  • cpe:2.3:a:miloslav_trmac:libuser:0.25.1
  • cpe:2.3:a:miloslav_trmac:libuser:0.25
  • cpe:2.3:a:miloslav_trmac:libuser:0.24-4
  • cpe:2.3:a:miloslav_trmac:libuser:0.24-3
  • cpe:2.3:a:miloslav_trmac:libuser:0.23
  • cpe:2.3:a:miloslav_trmac:libuser:0.21
  • cpe:2.3:a:miloslav_trmac:libuser:0.20
  • cpe:2.3:a:miloslav_trmac:libuser:0.18
  • cpe:2.3:a:miloslav_trmac:libuser:0.16.1
  • cpe:2.3:a:miloslav_trmac:libuser:0.11
  • cpe:2.3:a:miloslav_trmac:libuser:0.10
  • cpe:2.3:a:miloslav_trmac:libuser:0.9
  • cpe:2.3:a:miloslav_trmac:libuser:0.8.2
  • cpe:2.3:a:miloslav_trmac:libuser:0.8.1
  • cpe:2.3:a:miloslav_trmac:libuser:0.8
  • cpe:2.3:a:miloslav_trmac:libuser:0.7
  • cpe:2.3:a:miloslav_trmac:libuser:0.6
  • cpe:2.3:a:miloslav_trmac:libuser:0.5
  • cpe:2.3:a:miloslav_trmac:libuser:0.4
  • cpe:2.3:a:miloslav_trmac:libuser:0.3
  • cpe:2.3:a:miloslav_trmac:libuser:0.2
  • cpe:2.3:a:miloslav_trmac:libuser:0.1
CVSS
Base: 6.4 (as of 24-01-2011 - 10:12)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
Vector Complexity Authentication
NETWORK LOW NONE
Impact
Confidentiality Integrity Availability
PARTIAL PARTIAL NONE
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2011-0170.NASL
    description Updated libuser packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libuser library implements a standardized interface for manipulating and administering user and group accounts. Sample applications that are modeled after applications from the shadow password suite (shadow-utils) are included in these packages. It was discovered that libuser did not set the password entry correctly when creating LDAP (Lightweight Directory Access Protocol) users. If an administrator did not assign a password to an LDAP based user account, either at account creation with luseradd, or with lpasswd after account creation, an attacker could use this flaw to log into that account with a default password string that should have been rejected. (CVE-2011-0002) Note: LDAP administrators that have used libuser tools to add users should check existing user accounts for plain text passwords, and reset them as necessary. Users of libuser should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 51885
    published 2011-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51885
    title CentOS 4 / 5 : libuser (CESA-2011:0170)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-0170.NASL
    description From Red Hat Security Advisory 2011:0170 : Updated libuser packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libuser library implements a standardized interface for manipulating and administering user and group accounts. Sample applications that are modeled after applications from the shadow password suite (shadow-utils) are included in these packages. It was discovered that libuser did not set the password entry correctly when creating LDAP (Lightweight Directory Access Protocol) users. If an administrator did not assign a password to an LDAP based user account, either at account creation with luseradd, or with lpasswd after account creation, an attacker could use this flaw to log into that account with a default password string that should have been rejected. (CVE-2011-0002) Note: LDAP administrators that have used libuser tools to add users should check existing user accounts for plain text passwords, and reset them as necessary. Users of libuser should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68185
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68185
    title Oracle Linux 4 / 5 / 6 : libuser (ELSA-2011-0170)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-0316.NASL
    description Fixes default userPassword value on LDAP; note that this affects only accounts for which the password was not changed later. In addition to installing this update, maintainers of LDAP servers used for authentication should review their LDAP directory for unexpected plaintext userPassword values. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 51646
    published 2011-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51646
    title Fedora 14 : libuser-0.56.18-3.fc14 (2011-0316)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20110120_LIBUSER_ON_SL4_X.NASL
    description It was discovered that libuser did not set the password entry correctly when creating LDAP (Lightweight Directory Access Protocol) users. If an administrator did not assign a password to an LDAP based user account, either at account creation with luseradd, or with lpasswd after account creation, an attacker could use this flaw to log into that account with a default password string that should have been rejected. (CVE-2011-0002) Note: LDAP administrators that have used libuser tools to add users should check existing user accounts for plain text passwords, and reset them as necessary.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 60941
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60941
    title Scientific Linux Security Update : libuser on SL4.x, SL5.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-0320.NASL
    description Fixes default userPassword value on LDAP; note that this affects only accounts for which the password was not changed later. In addition to installing this update, maintainers of LDAP servers used for authentication should review their LDAP directory for unexpected plaintext userPassword values. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 51647
    published 2011-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51647
    title Fedora 13 : libuser-0.56.16-1.fc13.2 (2011-0320)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2011-019.NASL
    description A vulnerability has been found and corrected in libuser : libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values (CVE-2011-0002). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 51810
    published 2011-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51810
    title Mandriva Linux Security Advisory : libuser (MDVSA-2011:019)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0170.NASL
    description Updated libuser packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libuser library implements a standardized interface for manipulating and administering user and group accounts. Sample applications that are modeled after applications from the shadow password suite (shadow-utils) are included in these packages. It was discovered that libuser did not set the password entry correctly when creating LDAP (Lightweight Directory Access Protocol) users. If an administrator did not assign a password to an LDAP based user account, either at account creation with luseradd, or with lpasswd after account creation, an attacker could use this flaw to log into that account with a default password string that should have been rejected. (CVE-2011-0002) Note: LDAP administrators that have used libuser tools to add users should check existing user accounts for plain text passwords, and reset them as necessary. Users of libuser should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 51590
    published 2011-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51590
    title RHEL 4 / 5 / 6 : libuser (RHSA-2011:0170)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2011-0013.NASL
    description a. ESX third-party update for Service Console openssl RPM The Service Console openssl RPM is updated to openssl-0.9.8e.12.el5_5.7 resolving two security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-7270 and CVE-2010-4180 to these issues. b. ESX third-party update for Service Console libuser RPM The Service Console libuser RPM is updated to version 0.54.7-2.1.el5_5.2 to resolve a security issue. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2011-0002 to this issue. c. ESX third-party update for Service Console nss and nspr RPMs The Service Console Network Security Services (NSS) and Netscape Portable Runtime (NSPR) libraries are updated to nspr-4.8.6-1 and nss-3.12.8-4 resolving multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3170 and CVE-2010-3173 to these issues. d. vCenter Server and ESX, Oracle (Sun) JRE update 1.6.0_24 Oracle (Sun) JRE is updated to version 1.6.0_24, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_24: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474, CVE-2010-4475 and CVE-2010-4476. 
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_22: CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573 and CVE-2010-3574. e. vCenter Update Manager Oracle (Sun) JRE update 1.5.0_30 Oracle (Sun) JRE is updated to version 1.5.0_30, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_30: CVE-2011-0862, CVE-2011-0873, CVE-2011-0815, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814, CVE-2011-0871, CVE-2011-0867 and CVE-2011-0865. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_28: CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, CVE-2010-4468, CVE-2010-4469, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476. f. Integer overflow in VMware third-party component sfcb This release resolves an integer overflow issue present in the third-party library SFCB when the httpMaxContentLength has been changed from its default value to 0 in /etc/sfcb/sfcb.cfg. The integer overflow could allow remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2054 to this issue.
    last seen 2019-02-21
    modified 2018-09-06
    plugin id 56665
    published 2011-10-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56665
    title VMSA-2011-0013 : VMware third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
  • NASL family Misc.
    NASL id VMWARE_VMSA-2011-0013_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Java Runtime Environment (JRE) - libuser - Netscape Portable Runtime (NSPR) - Network Security Services (NSS) - OpenSSL
    last seen 2019-02-21
    modified 2018-08-16
    plugin id 89681
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89681
    title VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0013) (remote check)
redhat via4
advisories
bugzilla
id 643227
title CVE-2011-0002 libuser creates LDAP users with a default password
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • OR
      • AND
        • comment libuser is earlier than 0:0.52.5-1.1.el4_8.1
          oval oval:com.redhat.rhsa:tst:20110170002
        • comment libuser is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20110170003
      • AND
        • comment libuser-devel is earlier than 0:0.52.5-1.1.el4_8.1
          oval oval:com.redhat.rhsa:tst:20110170004
        • comment libuser-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20110170005
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment libuser is earlier than 0:0.54.7-2.1.el5_5.2
          oval oval:com.redhat.rhsa:tst:20110170007
        • comment libuser is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110170008
      • AND
        • comment libuser-devel is earlier than 0:0.54.7-2.1.el5_5.2
          oval oval:com.redhat.rhsa:tst:20110170009
        • comment libuser-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110170010
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment libuser is earlier than 0:0.56.13-4.el6_0.1
          oval oval:com.redhat.rhsa:tst:20110170015
        • comment libuser is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110170016
      • AND
        • comment libuser-devel is earlier than 0:0.56.13-4.el6_0.1
          oval oval:com.redhat.rhsa:tst:20110170017
        • comment libuser-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110170018
      • AND
        • comment libuser-python is earlier than 0:0.56.13-4.el6_0.1
          oval oval:com.redhat.rhsa:tst:20110170019
        • comment libuser-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110170020
rhsa
id RHSA-2011:0170
released 2011-01-20
severity Moderate
title RHSA-2011:0170: libuser security update (Moderate)
rpms
  • libuser-0:0.52.5-1.1.el4_8.1
  • libuser-devel-0:0.52.5-1.1.el4_8.1
  • libuser-0:0.54.7-2.1.el5_5.2
  • libuser-devel-0:0.54.7-2.1.el5_5.2
  • libuser-0:0.56.13-4.el6_0.1
  • libuser-devel-0:0.56.13-4.el6_0.1
  • libuser-python-0:0.56.13-4.el6_0.1
refmap via4
bid 45791
confirm
fedora
  • FEDORA-2011-0316
  • FEDORA-2011-0320
mandriva MDVSA-2011:019
osvdb 70421
sectrack 1024960
secunia
  • 42891
  • 42966
  • 43047
vupen
  • ADV-2011-0184
  • ADV-2011-0201
  • ADV-2011-0226
xf libuser-password-security-bypass(64677)
Last major update 07-12-2016 - 22:01
Published 22-01-2011 - 17:00
Last modified 16-08-2017 - 21:33