CVE-2008-4315
First published: Tue Nov 18 2008(Updated: )
A security flaw was found in the OpenPegasus WBEM service, shipped as tog-pegasus package within the Red Hat Enterprise Linux. It was discovered, the OpenPegasus service did not log failed authentication attempts to the system log file via the traditional Pluggable Authentication Modules mechanism. An attacker could use this flaw to discover the password of the root account used for the authentication against the CIM server.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Enterprise Linux | =5.0 | |
| Redhat Enterprise Linux Desktop | =5.0 | |
| Openpegasus Openpegasus Wbem | =2.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10
- https://bugzilla.redhat.com/show_bug.cgi?id=472017
- http://www.redhat.com/support/errata/RHSA-2008-1001.html
- https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9
- http://secunia.com/advisories/32862
- http://www.securitytracker.com/id?1021281
- http://osvdb.org/50278
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46830
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9431
- http://rhn.redhat.com/errata/RHSA-2008-1001.html
- https://admin.fedoraproject.org/updates/F10/FEDORA-2008-10061
- https://admin.fedoraproject.org/updates/F9/FEDORA-2008-9688
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/references
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2008-4315
- agent/tags
- agent/event
- agent/trending
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/5.0
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/5.0
- vendor/openpegasus
- canonical/openpegasus openpegasus wbem
- version/openpegasus openpegasus wbem/2.7.0