6

CVE-2008-4313

A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatEnterprise Linux Version5.0 Editionserver
   OpenpegasusOpenpegasus Wbem Version2.7.0
RedhatEnterprise Linux Desktop Version5.0 Editionclient
   OpenpegasusOpenpegasus Wbem Version2.7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.41% 0.692
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6 6.8 6.4
AV:N/AC:M/Au:S/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://osvdb.org/50277
http://secunia.com/advisories/32862
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2008-1001.html
http://www.securityfocus.com/bid/32460
http://www.securitytracker.com/id?1021283
https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9
https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10
Patch
https://bugzilla.redhat.com/show_bug.cgi?id=459217
https://exchange.xforce.ibmcloud.com/vulnerabilities/46829
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9556