Executive Summary

Summary
Title	HP StorageWorks X9000 Network Storage Systems, Remote Unauthenticated Access

Informations
Name	HPSBST02630 SSRT1000385	First vendor Publication	2011-02-07
Vendor	HP	Last vendor Modification	2011-02-07
Severity (Vendor)	N/A	Revision	1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A potential security vulnerability has been identified with HP StorageWorks X9000 Network Storage Systems. This vulnerability could be exploited to allow remote unauthenticated access to the accounts with expired passwords.

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02712670

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-287	Improper Authentication

OVAL Definitions

 

Definition Id: oval:org.mitre.oval:def:13389
Oval ID:	oval:org.mitre.oval:def:13389
Title:	USN-964-1 -- likewise-open vulnerability
Description:	Matt Weatherford discovered that Likewise Open did not correctly check password expiration for the local-provider account. A local attacker could exploit this to log into a system they would otherwise not have access to.
Family:	unix	Class:	patch
Reference(s):	USN-964-1 CVE-2010-0833	Version:	5
Platform(s):	Ubuntu 10.04	Product(s):	likewise-open
Definition Synopsis:
Ubuntu 10.04 is installed  Architecture section Architecture independet section Installed architecture is all AND Packages section likewise-open5-eventlog DPKG is earlier than 5.4.0.42111-2ubuntu1.1 AND likewise-open5-lsass DPKG is earlier than 5.4.0.42111-2ubuntu1.1 AND likewise-open5-gui DPKG is earlier than 5.4.0.42111-2ubuntu1.1 AND likewise-open5-libs DPKG is earlier than 5.4.0.42111-2ubuntu1.1 AND likewise-open5 DPKG is earlier than 5.4.0.42111-2ubuntu1.1 AND likewise-open5-rpc DPKG is earlier than 5.4.0.42111-2ubuntu1.1 AND likewise-open5-netlogon DPKG is earlier than 5.4.0.42111-2ubuntu1.1 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Packages section likewise-open-gui DPKG is earlier than 5.4.0.42111-2ubuntu1.1 AND likewise-open-server DPKG is earlier than 5.4.0.42111-2ubuntu1.1 AND likewise-open DPKG is earlier than 5.4.0.42111-2ubuntu1.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Likewise Likewise Cifs cpe:2.3:a:likewise:likewise_cifs:5.4:*:*:*:*:*:*:*	1
Application	Likewise Likewise Open cpe:2.3:a:likewise:likewise_open:6.0:*:*:*:*:*:*:* cpe:2.3:a:likewise:likewise_open:5.4:*:*:*:*:*:*:*	2

OpenVAS Exploits

Date	Description
2010-07-30	Name : Ubuntu Update for likewise-open vulnerability USN-964-1 File : nvt/gb_ubuntu_USN_964_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
66806	Likewise Open / Likewise-CIFS pam_lsass Library SetPassword Logic Expired Pas...

Nessus® Vulnerability Scanner

Date	Description
2010-07-27	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-964-1.nasl - Type : ACT_GATHER_INFO