First published: Mon Jan 07 2008
The tog-pegasus packages provide OpenPegasus Web-Based Enterprise Management (WBEM) services. WBEM is a platform and resource independent DMTF standard that defines a common information model, and communication protocol for monitoring and controlling resources.

During a security audit, a stack buffer overflow flaw was found in the PAM authentication code in the OpenPegasus CIM management server. An unauthenticated remote user could trigger this flaw and potentially execute arbitrary code with root privileges. (CVE-2008-0003)

Note that the tog-pegasus packages are not installed by default on Red Hat Enterprise Linux. The Red Hat Security Response Team believes that it would be hard to remotely exploit this issue to execute arbitrary code, due to the default SELinux targeted policy on Red Hat Enterprise Linux 4 and 5, and the SELinux memory protection tests enabled by default on Red Hat Enterprise Linux 5.

Users of tog-pegasus should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages the tog-pegasus service should be restarted.

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/tog-pegasus | <2.6.1-2.el5_1.1 | 2.6.1-2.el5_1.1 |
redhat/tog-pegasus-devel | <2.6.1-2.el5_1.1 | 2.6.1-2.el5_1.1 |
redhat/tog-pegasus | <2.5.1-5.el4_6.1 | 2.5.1-5.el4_6.1 |
redhat/tog-pegasus-devel | <2.5.1-5.el4_6.1 | 2.5.1-5.el4_6.1 |
redhat/tog-pegasus-test | <2.5.1-5.el4_6.1 | 2.5.1-5.el4_6.1 |
redhat/tog-pegasus | <2.5.1-2.el4_5.1 | 2.5.1-2.el4_5.1 |
redhat/tog-pegasus-devel | <2.5.1-2.el4_5.1 | 2.5.1-2.el4_5.1 |
redhat/tog-pegasus-test | <2.5.1-2.el4_5.1 | 2.5.1-2.el4_5.1 |
RHSA-2008:0002 is classified as a critical vulnerability.
To fix RHSA-2008:0002, update the affected tog-pegasus packages to version 2.6.1-2.el5_1.1 or 2.5.1-5.el4_6.1 depending on your system.
RHSA-2008:0002 affects Red Hat Enterprise Linux versions 4 and 5 with specific versions of tog-pegasus packages.
Not addressing RHSA-2008:0002 leaves the stack buffer overflow in the PAM authentication code exposed to unauthenticated remote users, who could potentially execute arbitrary code with root privileges.
There are no specific workarounds for RHSA-2008:0002; it is recommended to apply the necessary updates.
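
An added example (not part of the advisory and not Red Hat tooling): a Python check that compares an installed tog-pegasus `version-release` string, as printed by `rpm -q --qf '%{VERSION}-%{RELEASE}\n' tog-pegasus`, against the fixed builds listed in the table above using rpm-style version ordering. The mapping from dist tag to table row, the function names and the sample builds are assumptions made for this example.

```python
import re

# Fixed builds from the advisory table, keyed by dist tag. Assumption: el4_5
# builds are judged against the el4_5 row, every other el4 build against the
# el4_6 row.
FIXED = {
    "el5": "2.6.1-2.el5_1.1",
    "el4": "2.5.1-5.el4_6.1",
    "el4_5": "2.5.1-2.el4_5.1",
}

def rpmvercmp(a, b):
    """Compare version or release strings like rpm does; returns -1, 0 or 1.
    Tilde/caret handling of newer rpm versions is left out."""
    seg_a = re.findall(r"\d+|[a-zA-Z]+", a)
    seg_b = re.findall(r"\d+|[a-zA-Z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer
        if x.isdigit():
            x, y = int(x), int(y)            # compare 10 > 9, not "10" < "9"
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def evr_cmp(a, b):
    """Compare two 'version-release' strings (epochs assumed equal)."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def status(build):
    """Return 'vulnerable', 'fixed' or 'unknown' for an installed build."""
    m = re.search(r"\.(el\d+)(_\d+)?", build)
    fixed = m and (FIXED.get(m.group(1) + (m.group(2) or "")) or FIXED.get(m.group(1)))
    if not fixed or "-" not in build:
        return "unknown"  # no el4/el5 dist tag, or not a version-release string
    return "vulnerable" if evr_cmp(build, fixed) < 0 else "fixed"

if __name__ == "__main__":
    # Constructed inventory lines, not taken from the advisory.
    for build in ["2.6.1-2.el5", "2.6.1-2.el5_1.1", "2.5.1-5.el4", "2.5.1-2.el4_5.1"]:
        print(build, status(build))
```

A build reported as "fixed" still needs the tog-pegasus service restarted before the patched code is the one running.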