It was discovered that libuser did not set the password entry correctly when creating LDAP (Lightweight Directory Access Protocol) users. If an administrator did not assign a password to an LDAP based user account, either at account creation with luseradd, or with lpasswd after account creation, an attacker could use this flaw to log into that account with a default password string that should have been rejected. (CVE-2011-0002)

Note: LDAP administrators that have used libuser tools to add users should check existing user accounts for plain text passwords, and reset them as necessary.

The remote Redhat Enterprise Linux 4 / 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:0170 advisory.

    The libuser library implements a standardized interface for manipulating     and administering user and group accounts. Sample applications that are     modeled after applications from the shadow password suite (shadow-utils)     are included in these packages.

    It was discovered that libuser did not set the password entry correctly     when creating LDAP (Lightweight Directory Access Protocol) users. If an     administrator did not assign a password to an LDAP based user account,     either at account creation with luseradd, or with lpasswd after account     creation, an attacker could use this flaw to log into that account with a     default password string that should have been rejected. (CVE-2011-0002)

    Note: LDAP administrators that have used libuser tools to add users should     check existing user accounts for plain text passwords, and reset them as     necessary.

    Users of libuser should upgrade to these updated packages, which contain a     backported patch to correct this issue.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

A vulnerability has been found and corrected in libuser :

libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values (CVE-2011-0002).

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149 products_id=490

The updated packages have been patched to correct this issue.

Updated libuser packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

The libuser library implements a standardized interface for manipulating and administering user and group accounts. Sample applications that are modeled after applications from the shadow password suite (shadow-utils) are included in these packages.

It was discovered that libuser did not set the password entry correctly when creating LDAP (Lightweight Directory Access Protocol) users. If an administrator did not assign a password to an LDAP based user account, either at account creation with luseradd, or with lpasswd after account creation, an attacker could use this flaw to log into that account with a default password string that should have been rejected. (CVE-2011-0002)

Note: LDAP administrators that have used libuser tools to add users should check existing user accounts for plain text passwords, and reset them as necessary.

Users of libuser should upgrade to these updated packages, which contain a backported patch to correct this issue.

a. ESX third-party update for Service Console openssl RPM

   The Service Console openssl RPM is updated to    openssl-0.9.8e.12.el5_5.7 resolving two security issues.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)    has assigned the names CVE-2008-7270 and CVE-2010-4180 to these    issues.
   b. ESX third-party update for Service Console libuser RPM     The Service Console libuser RPM is updated to version    0.54.7-2.1.el5_5.2 to resolve a security issue.
     The Common Vulnerabilities and Exposures Project (cve.mitre.org)    has assigned the name CVE-2011-0002 to this issue.
  c. ESX third-party update for Service Console nss and nspr RPMs     The Service Console Network Security Services (NSS) and Netscape    Portable Runtime (NSPR) libraries are updated to nspr-4.8.6-1    and nss-3.12.8-4 resolving multiple security issues.
     The Common Vulnerabilities and Exposures project (cve.mitre.org)    has assigned the names CVE-2010-3170 and CVE-2010-3173 to these    issues.
  d. vCenter Server and ESX, Oracle (Sun) JRE update 1.6.0_24

   Oracle (Sun) JRE is updated to version 1.6.0_24, which addresses    multiple security issues that existed in earlier releases of    Oracle (Sun) JRE.
     The Common Vulnerabilities and Exposures project (cve.mitre.org)    has assigned the following names to the security issues fixed in    JRE 1.6.0_24: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448,    CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454,    CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466,    CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470,    CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474,    CVE-2010-4475 and CVE-2010-4476.
     The Common Vulnerabilities and Exposures project (cve.mitre.org)    has assigned the following names to the security issues fixed in    JRE 1.6.0_22: CVE-2010-1321, CVE-2010-3541, CVE-2010-3548,    CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552,    CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556,    CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560,    CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565,    CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569,    CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573 and    CVE-2010-3574.
  e. vCenter Update Manager Oracle (Sun) JRE update 1.5.0_30

   Oracle (Sun) JRE is updated to version 1.5.0_30, which addresses    multiple security issues that existed in earlier releases of    Oracle (Sun) JRE.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)    has assigned the following names to the security issues fixed in    Oracle (Sun) JRE 1.5.0_30: CVE-2011-0862, CVE-2011-0873,    CVE-2011-0815, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814,    CVE-2011-0871, CVE-2011-0867 and CVE-2011-0865.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)    has assigned the following names to the security issues fixed in    Oracle (Sun) JRE 1.5.0_28: CVE-2010-4447, CVE-2010-4448,    CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465,    CVE-2010-4466, CVE-2010-4468, CVE-2010-4469, CVE-2010-4473,    CVE-2010-4475, CVE-2010-4476.

f. Integer overflow in VMware third-party component sfcb

   This release resolves an integer overflow issue present in the    third-party library SFCB when the httpMaxContentLength has been    changed from its default value to 0 in in /etc/sfcb/sfcb.cfg.
   The integer overflow could allow remote attackers to cause a    denial of service (heap memory corruption) or possibly execute    arbitrary code via a large integer in the Content-Length HTTP    header.
     The Common Vulnerabilities and Exposures project (cve.mitre.org)    has assigned the name CVE-2010-2054 to this issue.

Fixes default userPassword value on LDAP; note that this affects only accounts for which the password was not changed later. In addition to installing this update, maintainers of LDAP servers used for authentication should review their LDAP directory for unexpected plaintext userPassword values.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2011-0170 advisory.

    [0.56.13-4]
    - Correctly mark the LDAP default password value as encrypted (CVE-2011-0002)       Resolves: #668020

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries :

  - Java Runtime Environment (JRE)
  - libuser
  - Netscape Portable Runtime (NSPR) 
  - Network Security Services (NSS)
  - OpenSSL

The remote Redhat Enterprise Linux 3 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched.

  - libuser creates LDAP users with a default password (CVE-2011-0002)

Note that Nessus has not tested for this issue but has instead relied on the package manager's report that the package is installed.

ID	Name	Product	Family	Published	Updated	Severity
60941	Scientific Linux Security Update : libuser on SL4.x, SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	8/1/2012	1/14/2021	medium
51590	RHEL 4 / 5 / 6 : libuser (RHSA-2011:0170)	Nessus	Red Hat Local Security Checks	1/21/2011	11/4/2024	critical
51810	Mandriva Linux Security Advisory : libuser (MDVSA-2011:019)	Nessus	Mandriva Local Security Checks	1/28/2011	1/6/2021	medium
51885	CentOS 4 / 5 : libuser (CESA-2011:0170)	Nessus	CentOS Local Security Checks	2/6/2011	1/4/2021	medium
56665	VMSA-2011-0013 : VMware third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX	Nessus	VMware ESX Local Security Checks	10/28/2011	1/6/2021	critical
51646	Fedora 14 : libuser-0.56.18-3.fc14 (2011-0316)	Nessus	Fedora Local Security Checks	1/24/2011	1/11/2021	medium
68185	Oracle Linux 5 / 6 : libuser (ELSA-2011-0170)	Nessus	Oracle Linux Local Security Checks	7/12/2013	10/22/2024	critical
89681	VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0013) (remote check)	Nessus	Misc.	3/4/2016	1/6/2021	critical
199388	RHEL 3 : libuser (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	6/3/2024	6/3/2024	critical
51647	Fedora 13 : libuser-0.56.16-1.fc13.2 (2011-0320)	Nessus	Fedora Local Security Checks	1/24/2011	1/11/2021	medium

Detections

Analytics

Plugins Search

medium

critical

medium

medium

critical

medium

critical

critical

critical

medium