Vulnerability Description
A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Enterprise Linux | 5.0 |
| Redhat | Enterprise Linux Desktop | 5.0 |
| Openpegasus | Openpegasus Wbem | 2.7.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/50277
- http://secunia.com/advisories/32862 (Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2008-1001.html
- http://www.securityfocus.com/bid/32460
- http://www.securitytracker.com/id?1021283
- https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9
- https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10 (Patch)
- https://bugzilla.redhat.com/show_bug.cgi?id=459217
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46829
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2008-4313?
CVE-2008-4313 is a vulnerability with a CVSS score of 6.0 (MEDIUM). A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send...
How severe is CVE-2008-4313?
CVE-2008-4313 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-4313?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux, Redhat Enterprise Linux Desktop, Openpegasus Openpegasus Wbem.