_____________________________________________________________

Likewise Security Advisory LWSA-2011-002
http://www.likewise.com/

_____________________________________________________________

Package     : Likewise Open & Likewise Enterprise
Service     : Likewise Security Authority (lsassd)
Date        : July 12, 2011
Platform(s) : Linux, OS X, Solaris, HP-UX, AIX, FreeBSD
Versions    : Likewise Open 5.4
              Likewise Open 6.0
              Likewise Open 6.1
              Likewise Enterprise 6.0
CVE(s)      : CVE-2011-2467

_____________________________________________________________

Summary:

The Likewise Security Authority (lsassd) uses the SQLite database engine to manage the users and groups created by the local authentication provider. A SQL injection issue has been identified that could allow a local attacker to craft a query resulting in local elevation of privileges. Proof-of-concept code for local privilege escalation has been developed internally at Likewise.

_____________________________________________________________

Workaround:

Administrators who are unable to upgrade to fixed releases of Likewise Open or Likewise Enterprise may mitigate the vulnerability by disabling the local provider: remove it from the "LoadOrder" value stored under the following subkey in the Likewise registry, leaving only the Active Directory provider.

[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers]
"LoadOrder"=sza:"ActiveDirectory"

_____________________________________________________________

Updated Packages:

New packages for Likewise Open have been made available at the following URL:

http://www.likewise.com/products/likewise_open/

Likewise Enterprise customers are encouraged to obtain updated packages through their normal support channels.

_____________________________________________________________

Likewise Security Team
security@likewise.com
http://www.likewise.com/

_____________________________________________________________
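The following POSIX shell script is an added example, not part of the Likewise advisory or of the Likewise code base. It audits an exported copy of the Providers subkey shown in the Workaround section and reports whether the local provider is still listed in "LoadOrder". It assumes the .reg-style text format shown in the advisory and assumes the local provider appears in that value under the name "Local" (both assumptions; the two sample exports are constructed for the example). On a live host the same text could be produced by the Likewise registry shell (lwregshell), but that invocation is not included here.

```shell
#!/bin/sh
# Added example (not from the Likewise advisory): audit an exported
# Providers key for the LWSA-2011-002 workaround.
# Assumptions: the export is the .reg-style text shown in the advisory,
# and the local provider is listed in LoadOrder as "Local".

# Constructed sample: a host that still loads the local provider.
VULNERABLE_EXPORT='[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers]
"LoadOrder"=sza:"ActiveDirectory" "Local"'

# Constructed sample: the advisory's workaround applied.
MITIGATED_EXPORT='[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers]
"LoadOrder"=sza:"ActiveDirectory"'

# Print the raw LoadOrder value (everything after "sza:") from an export;
# prints nothing if the value is absent.
load_order_value() {
    printf '%s\n' "$1" | sed -n 's/^"LoadOrder"=sza:\(.*\)$/\1/p'
}

# Succeed (exit 0) when "Local" is still present in LoadOrder,
# i.e. the workaround has NOT been applied.
local_provider_loaded() {
    load_order_value "$1" | grep -q '"Local"'
}

# Human-readable verdict for a given export text.
report() {
    if local_provider_loaded "$1"; then
        echo "WARNING: local provider still in LoadOrder; LWSA-2011-002 workaround not applied"
    else
        echo "OK: local provider not in LoadOrder"
    fi
}

# Stand-alone run: show both verdicts on the constructed samples.
report "$VULNERABLE_EXPORT"
report "$MITIGATED_EXPORT"
```

The check is deliberately narrow: it only confirms that the workaround from the advisory is in place, and says nothing about whether the installed package version itself is fixed; upgrading remains the complete remedy.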