CVE-2008-4313

A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:client:*:*:*:*:*
cpe:2.3:a:openpegasus:openpegasus_wbem:2.7.0:*:*:*:*:*:*:*

History

21 Nov 2024, 00:51

Type Values Removed Values Added
References () http://osvdb.org/50277 - () http://osvdb.org/50277 -
References () http://secunia.com/advisories/32862 - Vendor Advisory () http://secunia.com/advisories/32862 - Vendor Advisory
References () http://www.redhat.com/support/errata/RHSA-2008-1001.html - () http://www.redhat.com/support/errata/RHSA-2008-1001.html -
References () http://www.securityfocus.com/bid/32460 - () http://www.securityfocus.com/bid/32460 -
References () http://www.securitytracker.com/id?1021283 - () http://www.securitytracker.com/id?1021283 -
References () https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9 - () https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9 -
References () https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10 - Patch () https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10 - Patch
References () https://bugzilla.redhat.com/show_bug.cgi?id=459217 - () https://bugzilla.redhat.com/show_bug.cgi?id=459217 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/46829 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/46829 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9556 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9556 -

Information

Published : 2008-11-27 00:30

Updated : 2024-11-21 00:51


NVD link : CVE-2008-4313

Mitre link : CVE-2008-4313

CVE.ORG link : CVE-2008-4313


JSON object : View

Products Affected

redhat

  • enterprise_linux
  • enterprise_linux_desktop

openpegasus

  • openpegasus_wbem
CWE
CWE-264

Permissions, Privileges, and Access Controls