CVE-2011-1786 : lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 before build

lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 before build 8325, and Enterprise 6.0 before build 178, as distributed in VMware ESXi 4.1 and ESX 4.1 and possibly other products, allows remote attackers to cause a denial of service (daemon crash) via an Active Directory login attempt that provides a username containing an invalid byte sequence.

Published 2011-05-03 22:55:03

Updated 2025-04-11 00:51:22

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2011-1786

Vmware » Esxi » Version: 4.1
cpe:2.3:a:vmware:esxi:4.1:*:*:*:*:*:*:*
Matching versions
Vmware » ESX » Version: 4.1
cpe:2.3:a:vmware:esx:4.1:*:*:*:*:*:*:*
Matching versions
Likewise » Likewise Open » Version: 6.0
cpe:2.3:a:likewise:likewise_open:6.0:*:*:*:*:*:*:*
Matching versions
Likewise » Likewise Open » Version: 5.3 Enterprise Edition
cpe:2.3:a:likewise:likewise_open:5.3:*:enterprise:*:*:*:*:*
Matching versions
Likewise » Likewise Open » Version: 6.0 Enterprise Edition
cpe:2.3:a:likewise:likewise_open:6.0:*:enterprise:*:*:*:*:*
Matching versions

Threat overview for CVE-2011-1786

Top countries where our scanners detected CVE-2011-1786

Top open port discovered on systems with this issue 443

IPs affected by CVE-2011-1786 72

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2011-1786!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2011-1786

EPSS FAQ

2.77%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 85 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-1786

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2011-1786

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-1786

http://lists.vmware.com/pipermail/security-announce/2011/000133.html

[Security-announce] VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console

CVEs referencing this url
http://www.securityfocus.com/bid/47625

Likewise 'lsassd' Service Remote Denial of Service Vulnerability
http://www.vmware.com/security/advisories/VMSA-2011-0007.html

VMSA-2011-0007
Vendor Advisory

CVEs referencing this url
http://www.likewise.com/community/index.php/forums/viewannounce/1104_27/

Page not found - Likewise
https://exchange.xforce.ibmcloud.com/vulnerabilities/67194

Likewise Open and Likewise Enterprise lsaad denial of service CVE-2011-1786 Vulnerability Report
http://kb.vmware.com/kb/1035108

Article Detail

CVEs referencing this url
http://secunia.com/advisories/44349

Sign in
Vendor Advisory
http://www.securityfocus.com/archive/1/517739/100/0/threaded

SecurityFocus

CVEs referencing this url
http://securityreason.com/securityalert/8240

VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console - CXSecurity.com

CVEs referencing this url
http://securitytracker.com/id?1025452

VMware ESXi and ESX Socket Consumption and Likewise Login Bug Let Remote Users Deny Service - SecurityTracker

CVEs referencing this url