CVE-2008-0003: Buffer Overflow
First published: Sat Dec 22 2007(Updated: )
Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/tog-pegasus | <2:2.5.1-5.el4_6.1 | 2:2.5.1-5.el4_6.1 |
| redhat/tog-pegasus | <2:2.5.1-2.el4_5.1 | 2:2.5.1-2.el4_5.1 |
| redhat/tog-pegasus | <2:2.6.1-2.el5_1.1 | 2:2.6.1-2.el5_1.1 |
| redhat/2.6.0 | <3. | 3. |
| Red Hat Enterprise Linux | =4.0 | |
| Red Hat Enterprise Linux | =4.0 | |
| Red Hat Enterprise Linux | =4.0 | |
| Red Hat Enterprise Linux | =4.5.z | |
| Red Hat Enterprise Linux | =4.5.z | |
| Redhat Enterprise Linux Desktop | =4.0 | |
| Redhat Enterprise Linux Desktop | =5.0 | |
| OpenPegasus Management server | =2.6.1 |
Remedy
The tog-pegasus package is not installed by default on Red Hat Enterprise Linux. tog-pegasus supplied by Red Hat binds only to one port (as plain http is disabled), port 5989. The default firewall installed by Red Hat Enterprise Linux will block remote access to this port. In normal use it's unlikely you'd want to have this port accessible outside of an intranet anyway, and it's likely to be blocked by enterprise border firewalls. However if tog-pegasus has been installed and unblocked through the fireware, the Red Hat Security Response Team believes that it would still be hard to remotely exploit this issue to execute arbitrary code due to the default SELinux targeted policy on Enterprise Linux 4 and 5, and the SELinux memory protections enabled by default on Enterprise Linux 5.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=426578
- http://www.redhat.com/support/errata/RHSA-2008-0002.html
- http://secunia.com/advisories/28338
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00424.html
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00480.html
- http://www.attrition.org/pipermail/vim/2008-January/001879.html
- http://secunia.com/advisories/28462
- http://www.securityfocus.com/bid/27172
- http://www.securityfocus.com/bid/27188
- http://securitytracker.com/id?1019159
- http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4129
- http://secunia.com/advisories/29056
- http://lists.vmware.com/pipermail/security-announce/2008/000014.html
- http://secunia.com/advisories/29785
- http://secunia.com/advisories/29986
- http://osvdb.org/40082
- http://www.vupen.com/english/advisories/2008/0638
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409
- http://www.vupen.com/english/advisories/2008/1391/references
- http://www.vupen.com/english/advisories/2008/1234/references
- http://www.vupen.com/english/advisories/2008/0063
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39527
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10282
- http://www.securityfocus.com/archive/1/490917/100/0/threaded
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=426568
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=290635&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=290635&action=edit
- https://access.redhat.com/security/cve/CVE-2008-0003
- http://www.openpegasus.org/pm/show_mail.tpl?CALLER=index.tpl&source=L&listname=pegasus-commit&id=20965&listid=pegasus-commit
- http://cvs.opengroup.org/cgi-bin/cvsweb.cgi/pegasus/src/Pegasus/Security/Cimservera/Attic/cimservera.cpp.diff?cvsroot=Pegasus&r1=1.6&r2=1.6.32.1&f=H&only_with_tag=RELEASE_2_6-branch
- https://rhn.redhat.com/errata/RHSA-2008-0002.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=426578#c1
- http://marc.info/?l=full-disclosure&m=119975801904357&w=2
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5360
- https://www.cve.org/CVERecord?id=CVE-2008-0003 https://nvd.nist.gov/vuln/detail/CVE-2008-0003
- https://access.redhat.com/errata/RHSA-2008:0002
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0003.json
Frequently Asked Questions
What is the severity of CVE-2008-0003?
CVE-2008-0003 has been assigned a high severity rating due to the potential for remote code execution.
How do I fix CVE-2008-0003?
To mitigate CVE-2008-0003, upgrade to the patched versions of the tog-pegasus package as recommended by your vendor.
Which software is affected by CVE-2008-0003?
CVE-2008-0003 affects the tog-pegasus package on certain versions of Red Hat Enterprise Linux.
Can CVE-2008-0003 allow unauthorized access?
Yes, CVE-2008-0003 may allow remote attackers to gain unauthorized access through a buffer overflow vulnerability.
Is CVE-2008-0003 specific to any operating system version?
CVE-2008-0003 impacts specific versions of Red Hat Enterprise Linux and OpenPegasus Management server when they are configured improperly.
- collector/nvd-historical
- agent/type
- agent/first-publish-date
- agent/references
- agent/author
- agent/weakness
- agent/remedy
- agent/severity
- agent/description
- collector/redhat-cve
- source/Red Hat
- agent/software-canonical-lookup
- collector/redhat-bugzilla
- alias/CVE-2008-0003
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/source
- package-manager/redhat
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/4.0
- version/red hat enterprise linux/4.5.z
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/4.0
- version/redhat enterprise linux desktop/5.0
- vendor/openpegasus
- canonical/openpegasus management server
- version/openpegasus management server/2.6.1