Executive Summary

Informations
Name MDVSA-2011:019 First vendor Publication 2011-01-26
Vendor Mandriva Last vendor Modification 2011-01-26
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Cvss Base Score 6.4 Attack Range Network
Cvss Impact Score 4.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability has been found and corrected in libuser:

libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values (CVE-2011-0002).

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:019

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-310 Cryptographic Issues

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20643
 
Oval ID: oval:org.mitre.oval:def:20643
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values.
Family: unix Class: vulnerability
Reference(s): CVE-2011-0002
 Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21850
 
Oval ID: oval:org.mitre.oval:def:21850
Title: RHSA-2011:0170: libuser security update (Moderate)
Description: libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values.
Family: unix Class: patch
Reference(s): RHSA-2011:0170-01
CESA-2011:0170
CVE-2011-0002
 Version: 4
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
CentOS Linux 5
CentOS Linux 6
 Product(s): libuser
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23084
 
Oval ID: oval:org.mitre.oval:def:23084
Title: DEPRECATED: ELSA-2011:0170: libuser security update (Moderate)
Description: libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values.
Family: unix Class: patch
Reference(s): ELSA-2011:0170-01
CVE-2011-0002
 Version: 7
Platform(s): Oracle Linux 6
Oracle Linux 5
 Product(s): libuser
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23349
 
Oval ID: oval:org.mitre.oval:def:23349
Title: ELSA-2011:0170: libuser security update (Moderate)
Description: libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values.
Family: unix Class: patch
Reference(s): ELSA-2011:0170-01
CVE-2011-0002
 Version: 6
Platform(s): Oracle Linux 6
Oracle Linux 5
 Product(s): libuser
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 103

OpenVAS Exploits

Date Description
2012-07-30 Name : CentOS Update for libuser CESA-2011:0170 centos4 x86_64
File : nvt/gb_CESA-2011_0170_libuser_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for libuser CESA-2011:0170 centos5 x86_64
File : nvt/gb_CESA-2011_0170_libuser_centos5_x86_64.nasl
2011-08-09 Name : CentOS Update for libuser CESA-2011:0170 centos5 i386
File : nvt/gb_CESA-2011_0170_libuser_centos5_i386.nasl
2011-02-11 Name : CentOS Update for libuser CESA-2011:0170 centos4 i386
File : nvt/gb_CESA-2011_0170_libuser_centos4_i386.nasl
2011-01-31 Name : Mandriva Update for libuser MDVSA-2011:019 (libuser)
File : nvt/gb_mandriva_MDVSA_2011_019.nasl
2011-01-24 Name : Fedora Update for libuser FEDORA-2011-0316
File : nvt/gb_fedora_2011_0316_libuser_fc14.nasl
2011-01-24 Name : Fedora Update for libuser FEDORA-2011-0320
File : nvt/gb_fedora_2011_0320_libuser_fc13.nasl
2011-01-21 Name : RedHat Update for libuser RHSA-2011:0170-01
File : nvt/gb_RHSA-2011_0170-01_libuser.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
70421 libuser luseradd Default Password Weakness

By default, luseradd assigns a default password when no password is specified. This allows attackers to trivially access new user accounts, or accounts that have never had a password change.

Information Assurance Vulnerability Management (IAVM)

Date Description
2011-12-01 IAVM : 2011-A-0160 - Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana...
Severity : Category I - VMSKEY : V0030769

Nessus® Vulnerability Scanner

Date Description
2016-03-04 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2011-0013_remote.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0170.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110120_libuser_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-10-28 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2011-0013.nasl - Type : ACT_GATHER_INFO
2011-02-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0170.nasl - Type : ACT_GATHER_INFO
2011-01-28 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-019.nasl - Type : ACT_GATHER_INFO
2011-01-24 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0316.nasl - Type : ACT_GATHER_INFO
2011-01-24 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0320.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0170.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:42:02
  • Multiple Updates