CVE-2008-4313

2008-11-2700:30:00

CWE-264

redhat

web.nvd.nist.gov

red hat

tog-pegasus

opengroup pegasus

cve-2008-4313

nvd

access restrictions

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.004

Percentile

72.4%

JSON

A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services.

Affected configurations

Nvd

Node

redhatenterprise_linuxMatch5.0server

redhatenterprise_linux_desktopMatch5.0client

AND

openpegasusopenpegasus_wbemMatch2.7.0

VendorProductVersionCPE
redhatenterprise_linux5.0cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*
redhatenterprise_linux_desktop5.0cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:client:*:*:*:*:*
openpegasusopenpegasus_wbem2.7.0cpe:2.3:a:openpegasus:openpegasus_wbem:2.7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	enterprise_linux	5.0	cpe:2.3:o:redhat:enterprise_linux:5.0::server:::::
redhat	enterprise_linux_desktop	5.0	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0::client:::::
openpegasus	openpegasus_wbem	2.7.0	cpe:2.3:a:openpegasus:openpegasus_wbem:2.7.0:::::::*