Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0003

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-0003
Last Modified 07 Mar 2011 12:00:00
Published 08 Jan 2008 03:46:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0003

Summary

Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360.

Vulnerable Systems

Application

  • Openpegasus Management Server 2.6.1


References

BID - 27188

REDHAT - RHSA-2008:0002

FEDORA - FEDORA-2008-0572

FEDORA - FEDORA-2008-0506

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=426578

XF - openpegasus-pambasic-bo(39527)

CONFIRM - http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4129

VUPEN - ADV-2008-1391

VUPEN - ADV-2008-1234

VUPEN - ADV-2008-0638

VUPEN - ADV-2008-0063

BID - 27172

BUGTRAQ - 20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus

VIM - 20080115 vuldb confusion between OpenPegasus issues

SECTRACK - 1019159

SECUNIA - 29986

SECUNIA - 29785

SECUNIA - 29056

SECUNIA - 28462

SECUNIA - 28338

OSVDB - 40082

MLIST - [Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus

HP - SSRT080000

HP - HPSBMA02331


Last Updated: 27 May 2016 10:46:38