Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.3
CVE Id: CVE-2011-1560
Last Modified: 06 Sep 2011 11:16:11
Published: 05 Apr 2011 11:19:34
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2011-1560

Summary

solid.exe in IBM solidDB before 4.5.181, 6.0.x before 6.0.1067, 6.1.x and 6.3.x before 6.3.47, and 6.5.x before 6.5.0.3 uses a password-hash length specified by the client, which allows remote attackers to bypass authentication via a short length value.

Vulnerable Systems

Application

  • IBM solidDB 4.5.167
  • IBM solidDB 4.5.168
  • IBM solidDB 4.5.169
  • IBM solidDB 4.5.173
  • IBM solidDB 4.5.175
  • IBM solidDB 4.5.176
  • IBM solidDB 4.5.178
  • IBM solidDB 4.5.179
  • IBM solidDB 4.5.180
  • IBM solidDB 6.0.1060
  • IBM solidDB 6.0.1061
  • IBM solidDB 6.0.1064
  • IBM solidDB 6.0.1065
  • IBM solidDB 6.0.1066
  • IBM solidDB 6.1
  • IBM solidDB 6.1.18
  • IBM solidDB 6.1.20
  • IBM solidDB 6.3.33
  • IBM solidDB 6.3.37
  • IBM solidDB 6.3.38
  • IBM solidDB 6.30.0039
  • IBM solidDB 6.30.0040
  • IBM solidDB 6.30.0044
  • IBM solidDB 6.5.0.0
  • IBM solidDB 6.5.0.1
  • IBM solidDB 6.5.0.2


References

XF - soliddb-auth-bypass(66455)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-11-115/

VUPEN - ADV-2011-0854

CONFIRM - http://www.ibm.com/support/docview.wss?uid=swg21474552

SECUNIA - 44030

OSVDB - 71494


Last Updated: 27 May 2016 10:56:22