Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5360

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-5360
Last Modified 07 Mar 2011 10:00:33
Published 08 Jan 2008 03:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5360

Summary

Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than CVE-2008-0003.

Vulnerable Systems

Application

  • Openpegasus Management Server

  • Vmware Esx Server 3.0.1

  • Vmware Esx Server 3.0.2


References

SECUNIA - 28358

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5360

XF - openpegasus-pam-bo(39524)

VUPEN - ADV-2008-1391

VUPEN - ADV-2008-0064

VUPEN - ADV-2008-0063

BUGTRAQ - 20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

VIM - 20080115 vuldb confusion between OpenPegasus issues

SECUNIA - 28368

MLIST - [Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

HP - HPSBMA02331

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0001.html

BUGTRAQ - 20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

SUSE - SUSE-SR:2008:002

SREASON - 3538

SECUNIA - 29986

SECUNIA - 28636

HP - SSRT080000


Last Updated: 27 May 2016 10:47:27