Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4315

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-4315
Last Modified 21 Aug 2010 01:24:10
Published 26 Nov 2008 07:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4315

Summary

tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks.

Vulnerable Systems

Operating System

  • Redhat Enterprise Linux 5.0

  • Redhat Enterprise Linux Desktop 5.0


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=472017

CONFIRM - https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10

CONFIRM - https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9

XF - togpegasus-systemlog-weak-security(46830)

SECTRACK - 1021281

REDHAT - RHSA-2008:1001

SECUNIA - 32862

OSVDB - 50278


Last Updated: 27 May 2016 10:48:27