Executive Summary

Informations
Name CVE-2008-4313 First vendor Publication 2008-11-26
Vendor Cve Last vendor Modification 2017-09-29

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Cvss Base Score 6 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 6.8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4313

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9556
 
Oval ID: oval:org.mitre.oval:def:9556
Title: A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services.
Description: A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4313
 Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1
Os 1

OpenVAS Exploits

Date Description
2009-03-06 Name : RedHat Update for tog-pegasus RHSA-2008:1001-01
File : nvt/gb_RHSA-2008_1001-01_tog-pegasus.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
50277 OpenPegasus WBEM Services (tog-pegasus) on Red Hat Linux Access Control Rever...

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-1001.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20081125_tog_pegasus_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-1001.nasl - Type : ACT_GATHER_INFO
2008-11-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-1001.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/32460
CONFIRM https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9
https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10
https://bugzilla.redhat.com/show_bug.cgi?id=459217
OSVDB http://osvdb.org/50277
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT http://www.redhat.com/support/errata/RHSA-2008-1001.html
SECTRACK http://www.securitytracker.com/id?1021283
SECUNIA http://secunia.com/advisories/32862
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/46829

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
Date Informations
2020-05-23 00:22:20
  • Multiple Updates
2017-09-29 09:23:44
  • Multiple Updates
2017-08-08 09:24:24
  • Multiple Updates
2016-06-28 17:18:37
  • Multiple Updates
2016-04-26 17:51:56
  • Multiple Updates
2014-02-17 10:46:47
  • Multiple Updates
2013-05-11 00:27:14
  • Multiple Updates