Vulnerability Description
Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Enterprise Linux | 4.0 |
| Redhat | Enterprise Linux Desktop | 4.0 |
| Openpegasus | Management Server | 2.6.1 |
Related Weaknesses (CWE)
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409
- http://lists.vmware.com/pipermail/security-announce/2008/000014.html
- http://osvdb.org/40082
- http://secunia.com/advisories/28338Vendor Advisory
- http://secunia.com/advisories/28462Vendor Advisory
- http://secunia.com/advisories/29056Vendor Advisory
- http://secunia.com/advisories/29785Vendor Advisory
- http://secunia.com/advisories/29986Vendor Advisory
- http://securitytracker.com/id?1019159
- http://www.attrition.org/pipermail/vim/2008-January/001879.html
- http://www.redhat.com/support/errata/RHSA-2008-0002.htmlPatch
- http://www.securityfocus.com/archive/1/490917/100/0/threaded
- http://www.securityfocus.com/bid/27172
- http://www.securityfocus.com/bid/27188Patch
- http://www.vupen.com/english/advisories/2008/0063Vendor Advisory
FAQ
What is CVE-2008-0003?
CVE-2008-0003 is a vulnerability with a CVSS score of 10.0 (HIGH). Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC ...
How severe is CVE-2008-0003?
CVE-2008-0003 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0003?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux, Redhat Enterprise Linux Desktop, Openpegasus Management Server.