CVE-2008-4315
First published: Tue Nov 18 2008(Updated: )
A security flaw was found in the OpenPegasus WBEM service, shipped as tog-pegasus package within the Red Hat Enterprise Linux. It was discovered, the OpenPegasus service did not log failed authentication attempts to the system log file via the traditional Pluggable Authentication Modules mechanism. An attacker could use this flaw to discover the password of the root account used for the authentication against the CIM server.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Enterprise Linux | =5.0 | |
| Red Hat Enterprise Linux Desktop | =5.0 | |
| OpenPegasus | =2.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10
- https://bugzilla.redhat.com/show_bug.cgi?id=472017
- http://www.redhat.com/support/errata/RHSA-2008-1001.html
- https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9
- http://secunia.com/advisories/32862
- http://www.securitytracker.com/id?1021281
- http://osvdb.org/50278
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46830
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9431
- http://rhn.redhat.com/errata/RHSA-2008-1001.html
- https://admin.fedoraproject.org/updates/F10/FEDORA-2008-10061
- https://admin.fedoraproject.org/updates/F9/FEDORA-2008-9688
Frequently Asked Questions
What is the severity of CVE-2008-4315?
CVE-2008-4315 has been classified as a moderate severity vulnerability due to the potential for unauthorized access without proper log recording of failed authentication attempts.
How do I fix CVE-2008-4315?
To remediate CVE-2008-4315, update the affected OpenPegasus service to the patched version provided in recent Red Hat updates.
What are the affected versions related to CVE-2008-4315?
CVE-2008-4315 affects Red Hat Enterprise Linux 5.0 and Red Hat Enterprise Linux Desktop 5.0.
Is CVE-2008-4315 exploitable remotely?
CVE-2008-4315 may be exploited remotely due to its association with a service that does not properly log authentication failures.
What systems are impacted by CVE-2008-4315?
Systems running Red Hat Enterprise Linux 5.0 with the OpenPegasus WBEM service installed are impacted by CVE-2008-4315.
- collector/nvd-historical
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/references
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2008-4315
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/5.0
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/5.0
- vendor/openpegasus
- canonical/openpegasus
- version/openpegasus/2.7.0