Vulnerability Description
tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Enterprise Linux | 5.0 |
| Redhat | Enterprise Linux Desktop | 5.0 |
| Openpegasus | Openpegasus Wbem | 2.7.0 |
References
- http://osvdb.org/50278
- http://secunia.com/advisories/32862Vendor Advisory
- http://www.redhat.com/support/errata/RHSA-2008-1001.html
- http://www.securitytracker.com/id?1021281
- https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9
- https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10
- https://bugzilla.redhat.com/show_bug.cgi?id=472017
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46830
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://osvdb.org/50278
- http://secunia.com/advisories/32862Vendor Advisory
- http://www.redhat.com/support/errata/RHSA-2008-1001.html
- http://www.securitytracker.com/id?1021281
- https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9
- https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10
FAQ
What is CVE-2008-4315?
CVE-2008-4315 is a vulnerability with a CVSS score of 6.8 (MEDIUM). tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier fo...
How severe is CVE-2008-4315?
CVE-2008-4315 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4315?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux, Redhat Enterprise Linux Desktop, Openpegasus Openpegasus Wbem.