CVE-2008-4313
First published: Fri Aug 15 2008(Updated: )
A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Enterprise Linux | =5.0 | |
| Redhat Enterprise Linux Desktop | =5.0 | |
| Openpegasus Openpegasus Wbem | =2.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9
- http://www.securityfocus.com/bid/32460
- http://secunia.com/advisories/32862
- https://bugzilla.redhat.com/show_bug.cgi?id=459217
- http://www.redhat.com/support/errata/RHSA-2008-1001.html
- https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10
- http://www.securitytracker.com/id?1021283
- http://osvdb.org/50277
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46829
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9556
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/references
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/remedy
- agent/author
- agent/description
- agent/tags
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2008-4313
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/5.0
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/5.0
- vendor/openpegasus
- canonical/openpegasus openpegasus wbem
- version/openpegasus openpegasus wbem/2.7.0