Vulnerability Name:

CVE-2011-1786 (CCN-67194)

Assigned:2011-04-27
Published:2011-04-27
Updated:2018-10-09
Summary:lsassd in Likewise Open / Enterprise 5.3 before build 7845, Open 6.0 before build 8325, and Enterprise 6.0 before build 178, as distributed in VMware ESXi 4.1 and ESX 4.1 and possibly other products, allows remote attackers to cause a denial of service (daemon crash) via an Active Directory login attempt that provides a username containing an invalid byte sequence.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type:CWE-399
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2011-1786

Source: CONFIRM
Type: UNKNOWN
http://kb.vmware.com/kb/1035108

Source: MLIST
Type: UNKNOWN
[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console

Source: CCN
Type: SA44349
Likewise Open / Enterprise lsassd Service Denial of Service Vulnerability

Source: SECUNIA
Type: Vendor Advisory
44349

Source: SREASON
Type: UNKNOWN
8240

Source: SECTRACK
Type: UNKNOWN
1025452

Source: CCN
Type: LWSA-2011-001
Lsassd Remote DoS

Source: CONFIRM
Type: UNKNOWN
http://www.likewise.com/community/index.php/forums/viewannounce/1104_27/

Source: CCN
Type: OSVDB ID: 73742
Likewise Open / Enterprise lsassd Service Remote DoS

Source: BUGTRAQ
Type: UNKNOWN
20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console

Source: BID
Type: UNKNOWN
47625

Source: CCN
Type: BID-47625
Likewise 'lsassd' Service Remote Denial of Service Vulnerability

Source: CCN
Type: VMSA-2011-0007
VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console

Source: CONFIRM
Type: Vendor Advisory
http://www.vmware.com/security/advisories/VMSA-2011-0007.html

Source: XF
Type: UNKNOWN
likewise-lsaad-dos(67194)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:likewise:likewise_open:5.3:*:enterprise:*:*:*:*:*
  • OR cpe:/a:likewise:likewise_open:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:likewise:likewise_open:6.0:*:enterprise:*:*:*:*:*
  • OR cpe:/a:vmware:esx:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:esxi:4.1:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:vmware:esx_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:esxi:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:esxi:4.1:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID: oval:org.mitre.oval:def:20427
Class: V
Title: VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
Last Modified: 2014-01-20
    likewise likewise open 5.3
    likewise likewise open 6.0
    likewise likewise open 6.0
    vmware esx 4.1
    vmware esxi 4.1
    vmware esx server 4.0
    vmware esxi 4.0
    vmware esxi 4.1