Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4313

Overview

Vulnerability Score 6.0 6.0
CVE Id CVE-2008-4313
Last Modified 21 Aug 2010 01:24:10
Published 26 Nov 2008 07:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-4313

Summary

A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services.

Vulnerable Systems

Operating System

  • Redhat Enterprise Linux 5.0

  • Redhat Enterprise Linux Desktop 5.0


References

CONFIRM - https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=459217

CONFIRM - https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9

XF - togpegasus-wbem-security-bypass(46829)

SECTRACK - 1021283

BID - 32460

REDHAT - RHSA-2008:1001

SECUNIA - 32862

OSVDB - 50277


Last Updated: 27 May 2016 10:48:27