CVE-2008-4313

A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services.

CVSS v2.0 6.0 MEDIUM

6.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability : 6.8 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/50277
http://secunia.com/advisories/32862	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2008-1001.html
http://www.securityfocus.com/bid/32460
http://www.securitytracker.com/id?1021283
https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9
https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10	Patch
https://bugzilla.redhat.com/show_bug.cgi?id=459217
https://exchange.xforce.ibmcloud.com/vulnerabilities/46829
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9556
http://osvdb.org/50277
http://secunia.com/advisories/32862	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2008-1001.html
http://www.securityfocus.com/bid/32460
http://www.securitytracker.com/id?1021283
https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9
https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10	Patch
https://bugzilla.redhat.com/show_bug.cgi?id=459217
https://exchange.xforce.ibmcloud.com/vulnerabilities/46829
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9556

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:redhat:enterprise_linux:5.0::server:::::
	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0::client:::::

cpe:2.3:a:openpegasus:openpegasus_wbem:2.7.0:*:*:*:*:*:*:*

History

21 Nov 2024, 00:51

Type	Values Removed	Values Added
References	~~() http://osvdb.org/50277 -~~	() http://osvdb.org/50277 -
References	~~() http://secunia.com/advisories/32862 - Vendor Advisory~~	() http://secunia.com/advisories/32862 - Vendor Advisory
References	~~() http://www.redhat.com/support/errata/RHSA-2008-1001.html -~~	() http://www.redhat.com/support/errata/RHSA-2008-1001.html -
References	~~() http://www.securityfocus.com/bid/32460 -~~	() http://www.securityfocus.com/bid/32460 -
References	~~() http://www.securitytracker.com/id?1021283 -~~	() http://www.securitytracker.com/id?1021283 -
References	~~() https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9 -~~	() https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9 -
References	~~() https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10 - Patch~~	() https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10 - Patch
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=459217 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=459217 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/46829 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/46829 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9556 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9556 -

Information

Published : 2008-11-27 00:30

Updated : 2025-04-09 00:30

NVD link : CVE-2008-4313

Mitre link : CVE-2008-4313

CVE.ORG link : CVE-2008-4313

JSON object : View

Products Affected

openpegasus

openpegasus_wbem

redhat

enterprise_linux
enterprise_linux_desktop

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2008-4313", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-11-27T00:30:00.233", "references": [{"url": "http://osvdb.org/50277", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/32862", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-1001.html", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/32460", "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id?1021283", "source": "secalert@redhat.com"}, {"url": "https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9", "source": "secalert@redhat.com"}, {"url": "https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459217", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46829", "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9556", "source": "secalert@redhat.com"}, {"url": "http://osvdb.org/50277", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/32862", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-1001.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/32460", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1021283", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459217", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46829", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9556", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services."}, {"lang": "es", "value": "Un parche de Red Hat para tog-pegasus en OpenGroup Pegasus 2.7.0 no configura adecuadamente el nombre PAM tty, lo que permite a usuarios autenticados remotamente evitar las restricciones de acceso previstas y enviar peticiones a servicios OpenPegasus WBEM."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40D71CBC-D365-4710-BAB5-8A1159F35E41"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:client:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13B6DE5F-3143-4C63-8D8D-4679CF0F9DC8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openpegasus:openpegasus_wbem:2.7.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D47969DA-1CAD-4547-9BF6-85EDA8710B89"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secalert@redhat.com"}

6.0 /10