Executive Summary

Information
Name: CVE-2008-4315
First vendor publication: 2008-11-26
Vendor: Cve
Last vendor modification: 2017-09-29

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact Subscore: NA
Temporal Score: NA
Exploitability Subscore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Base Score: 6.8
Attack Range: Network
CVSS Impact Score: 6.4
Attack Complexity: Medium
CVSS Exploit Score: 8.6
Authentication: None Required

Detail

tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4315

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:22186
Title: ELSA-2008:1001: tog-pegasus security update (Important)
Description: tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks.
Family: unix
Class: patch
Reference(s): ELSA-2008:1001-01, CVE-2008-4313, CVE-2008-4315
Version: 13
Platform(s): Oracle Linux 5
Product(s): tog-pegasus

Oval ID: oval:org.mitre.oval:def:29308
Title: RHSA-2008:1001 -- tog-pegasus security update (Important)
Description: Updated tog-pegasus packages that fix security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The tog-pegasus packages provide OpenPegasus Web-Based Enterprise Management (WBEM) services. WBEM is a platform and resource independent Distributed Management Task Force (DMTF) standard that defines a common information model and communication protocol for monitoring and controlling resources.
Family: unix
Class: patch
Reference(s): RHSA-2008:1001, CESA-2008:1001-CentOS 5, CVE-2008-4313, CVE-2008-4315
Version: 3
Platform(s): Red Hat Enterprise Linux 5, CentOS Linux 5
Product(s): tog-pegasus

Oval ID: oval:org.mitre.oval:def:9431
Title: tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks.
Description: tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks.
Family: unix
Class: vulnerability
Reference(s): CVE-2008-4315
Version: 5
Platform(s): Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5
Product(s):

CPE : Common Platform Enumeration

Type Description Count
Os 1
Os 1

OpenVAS Exploits

Date Description
2009-03-06 Name : RedHat Update for tog-pegasus RHSA-2008:1001-01
File : nvt/gb_RHSA-2008_1001-01_tog-pegasus.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
50278 OpenPegasus CIM server (tog-pegasus) on Red Hat Linux Failed Authentication L...

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-1001.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20081125_tog_pegasus_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-1001.nasl - Type : ACT_GATHER_INFO
2008-11-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-1001.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CONFIRM https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9
https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10
https://bugzilla.redhat.com/show_bug.cgi?id=472017
OSVDB http://osvdb.org/50278
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT http://www.redhat.com/support/errata/RHSA-2008-1001.html
SECTRACK http://www.securitytracker.com/id?1021281
SECUNIA http://secunia.com/advisories/32862
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/46830

Alert History

Date Information
2020-05-23 00:22:20
  • Multiple Updates
2017-09-29 09:23:44
  • Multiple Updates
2017-08-08 09:24:24
  • Multiple Updates
2016-06-28 17:18:40
  • Multiple Updates
2016-04-26 17:51:56
  • Multiple Updates
2014-02-17 10:46:48
  • Multiple Updates
2013-05-11 00:27:14
  • Multiple Updates