CVE-2011-1786 - lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 before build 8325, and Enterpris

CVE-2011-1786

Summary

lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 before build 8325, and Enterprise 6.0 before build 178, as distributed in VMware ESXi 4.1 and ESX 4.1 and possibly other products, allows remote attackers to cause a denial of service (daemon crash) via an Active Directory login attempt that provides a username containing an invalid byte sequence.

References

Vulnerable Configurations

cpe:2.3:a:likewise:likewise_open:5.3:*:enterprise:*:*:*:*:*
cpe:2.3:a:likewise:likewise_open:5.3:*:enterprise:*:*:*:*:*
cpe:2.3:a:likewise:likewise_open:6.0:*:*:*:*:*:*:*
cpe:2.3:a:likewise:likewise_open:6.0:*:*:*:*:*:*:*
cpe:2.3:a:likewise:likewise_open:6.0:*:enterprise:*:*:*:*:*
cpe:2.3:a:likewise:likewise_open:6.0:*:enterprise:*:*:*:*:*
cpe:2.3:a:vmware:esx:4.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:esx:4.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:esxi:4.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:esxi:4.1:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 09-10-2018 - 19:32)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	47625
bugtraq	20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
confirm	http://kb.vmware.com/kb/1035108 http://www.likewise.com/community/index.php/forums/viewannounce/1104_27/ http://www.vmware.com/security/advisories/VMSA-2011-0007.html
mlist	[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
sectrack	1025452
secunia	44349
sreason	8240
xf	likewise-lsaad-dos(67194)

Last major update

09-10-2018 - 19:32

Published

03-05-2011 - 22:55

Last modified

09-10-2018 - 19:32