CVE-2011-1786

lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 before build 8325, and Enterprise 6.0 before build 178, as distributed in VMware ESXi 4.1 and ESX 4.1 and possibly other products, allows remote attackers to cause a denial of service (daemon crash) via an Active Directory login attempt that provides a username containing an invalid byte sequence.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://kb.vmware.com/kb/1035108
http://lists.vmware.com/pipermail/security-announce/2011/000133.html
http://secunia.com/advisories/44349	Vendor Advisory
http://securityreason.com/securityalert/8240
http://securitytracker.com/id?1025452
http://www.likewise.com/community/index.php/forums/viewannounce/1104_27/
http://www.securityfocus.com/archive/1/517739/100/0/threaded
http://www.securityfocus.com/bid/47625
http://www.vmware.com/security/advisories/VMSA-2011-0007.html	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/67194

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:likewise:likewise_open:5.3::enterprise:::::
	cpe:2.3:a:likewise:likewise_open:6.0:::::::*
	cpe:2.3:a:likewise:likewise_open:6.0::enterprise:::::
	cpe:2.3:a:vmware:esx:4.1:::::::*
	cpe:2.3:a:vmware:esxi:4.1:::::::*

History

No history.

Information

Published : 2011-05-03 22:55

Updated : 2023-12-10 11:03

NVD link : CVE-2011-1786

Mitre link : CVE-2011-1786

CVE.ORG link : CVE-2011-1786

JSON object : View

Products Affected

likewise

likewise_open

vmware

esx
esxi

CWE

CWE-399

Resource Management Errors

{"id": "CVE-2011-1786", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-05-03T22:55:03.043", "references": [{"url": "http://kb.vmware.com/kb/1035108", "source": "cve@mitre.org"}, {"url": "http://lists.vmware.com/pipermail/security-announce/2011/000133.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/44349", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/8240", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1025452", "source": "cve@mitre.org"}, {"url": "http://www.likewise.com/community/index.php/forums/viewannounce/1104_27/", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/517739/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/47625", "source": "cve@mitre.org"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67194", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 before build 8325, and Enterprise 6.0 before build 178, as distributed in VMware ESXi 4.1 and ESX 4.1 and possibly other products, allows remote attackers to cause a denial of service (daemon crash) via an Active Directory login attempt that provides a username containing an invalid byte sequence."}, {"lang": "es", "value": "lsassd en Likewise Open /Enterprise versi\u00f3n 5.3 anterior a build 7845, Open versi\u00f3n 6.0 anterior a build 8325, e Enterprise versi\u00f3n 6.0 anterior a build 178, tal y como es distribuido en ESXi versi\u00f3n 4.1 y ESX versi\u00f3n 4.1 de VMware y posiblemente otros productos, permite que los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo del demonio) por medio de un intento de inicio de sesi\u00f3n de Active Directory que proporciona un nombre de usuario que contiene una secuencia de bytes no v\u00e1lida."}], "lastModified": "2018-10-09T19:32:02.697", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:likewise:likewise_open:5.3:*:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED105F9A-DEE1-48E8-B929-6462CDFE16E2"}, {"criteria": "cpe:2.3:a:likewise:likewise_open:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC251E44-5986-4A07-BEF5-F0CF9DA7F537"}, {"criteria": "cpe:2.3:a:likewise:likewise_open:6.0:*:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3337E00D-AB69-44F8-8852-8523C0ACA97D"}, {"criteria": "cpe:2.3:a:vmware:esx:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D3C6FC4-DAE3-42DB-B845-593BBD2A50BF"}, {"criteria": "cpe:2.3:a:vmware:esxi:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73C9E205-87EE-4CE2-A252-DED7BB6D4EAE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}