Lucene search
+L

213 matches found

Tenable Nessus
Tenable Nessus
added 2008/01/14 12:0 a.m.42 views

Fedora 7 : tog-pegasus-2.6.0-3.fc7 (2008-0506)

Thu Jan 10 2008 Vitezslav Crhonek - 2.6.0-3 - Fix PAM authentication buffer overflow CVE-2008-0003 Resolves: 427828 - Wed Mar 28 2007 Vitezslav Crhonek - 2.6.0-2 - Update changelog - Build with Open Pegasus' Makefiles, istall with RedHats Mark Hamzy Note that Tenable Network Security has...

10CVSS5.7AI score0.07809EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2008/01/14 12:0 a.m.33 views

Fedora 8 : tog-pegasus-2.6.1-3.fc8 (2008-0572)

Thu Jan 10 2008 Vitezslav Crhonek - 2.6.1-3 - Fix PAM authentication buffer overflow CVE-2008-0003 Resolves: 427829 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format...

10CVSS5.7AI score0.07809EPSS
Exploits1References4
seebug.org
seebug.org
added 2008/01/10 12:0 a.m.37 views

OpenPegasus管理服务器PAM认证模块远程栈溢出漏洞

BUGTRAQ ID: 27188,27172 CVECAN ID: CVE-2008-0003,CVE-2007-5360 OpenPegasus是一个开源项目,用于实现DMTF CIM和WBEM企业管理标准。 OpenPegasus的PAM认证模块实现上存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞控制服务器。 OpenPegasus的PAM认证模块中的PAMBasicAuthenticator::PAMCallback函数存在缓冲区溢出漏洞: // // copy the user password // respi-resp = char mallocPAMMAXMSGSIZE;...

10CVSS0.15327EPSS
Exploits3
NVD
NVD
added 2008/01/08 8:46 p.m.18 views

CVE-2007-5360

Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUSUSEPAMSTANDALONEPROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than...

7.5CVSS7.5AI score0.15327EPSS
Exploits3References17
Prion
Prion
added 2008/01/08 8:46 p.m.20 views

Buffer overflow

Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUSUSEPAMSTANDALONEPROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than...

7.5CVSS7.8AI score0.15327EPSS
Exploits3References17Affected Software1
CVE
CVE
added 2008/01/08 8:0 p.m.71 views

CVE-2007-5360

CVE-2007-5360 : A stack-based buffer overflow in the PAM-authenticated OpenPegasus Management server can allow a remote attacker to execute arbitrary code when OpenPegasus is compiled with PAM support (PEGASUS_USE_PAM_STANDALONE_PROC not defined). This affects VMware ESX Server 3.0.1/3.0.2 deploy...

7.5CVSS7.5AI score0.15327EPSS
Exploits3References17Affected Software2
Tenable Nessus
Tenable Nessus
added 2008/01/08 12:0 a.m.38 views

RHEL 4 / 5 : tog-pegasus (RHSA-2008:0002)

Updated tog-pegasus packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The tog-pegasus packages provide OpenPegasus Web-Based Enterprise Management WBEM...

10CVSS6.7AI score0.07809EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2008/01/07 6:36 p.m.5 views

tog-pegasus pam authentication buffer overflow

Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server tog-pegasus, when compiled to use PAM and without PEGASUSUSEPAMSTANDALONEPROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different...

10CVSS6.4AI score0.07809EPSS
Exploits1References4
Oracle linux
Oracle linux
added 2008/01/07 12:0 a.m.37 views

Critical: tog-pegasus security update

2.6.1-2.el51.1.0.1 - Added pegasus-enterprise.patch to allow detection of enterprise-release 2.6.1-2.el51.1 - Fix PAM authentication buffer overflow CVE-2008-0003 Resolves: 427213...

10CVSS3.2AI score0.07809EPSS
Exploits1
Cent OS
Cent OS
added 2007/06/11 8:19 p.m.80 views

cdda2wav, cdrecord, mkisofs, pam security update

CentOS Errata and Security Advisory CESA-2007:0465 Updated pam packages that resolves several bugs and security flaws are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pluggable Authentication...

3.4CVSS5.7AI score0.00413EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2007/02/18 12:0 a.m.9 views

MDKA-2006:034 : ipsec-tools

IPsec-Tools1 is a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation. This update fixes a few issues and introduces new functionalities to the package provided for Mandriva 2006 users: - fixed tunnel mode connection 19460 2 - fixed GSSAPI build - version update: 0.6.6 - enabled...

7.6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2007/02/18 12:0 a.m.19 views

MDKA-2007:001 : samba

A number of minor issues were present in the samba packages shipped with Mandriva 2007.0. For users with filesystem quotas, samba would not indicate the remaining quota as the free disk space as intended. Problems with storing accounts with upper-case usernames in the smbpasswd passdb backend...

7.6AI score
Exploits0References1
securityvulns
securityvulns
added 2006/10/09 12:0 a.m.42 views

yet another OpenSSH timing leak?

Hello Bugtraq, Here we are again... During a recent penetration test i stumbled upon yet another OpenSSH timing leak, leading to remote disclosure of valid usernames. It's not as big as the one i found in the past CVE-2003-0190, but it can indeed be exploited over the Internet, nevertheless. This...

5CVSS6.2AI score0.76751EPSS
Exploits10
OSV
OSV
added 2006/03/07 2:2 a.m.7 views

CVE-2006-0883

OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service client connection refusal by connecting multiple times to the SSH server, waiting for the...

6.7AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 2006/03/07 12:0 a.m.9 views

PT-2006-1929 · Freebsd +1 · Openam +2

Name of the Vulnerable Software and Affected Versions: OpenSSH on FreeBSD versions 5.3 through 5.4 Description: The issue arises when OpenSSH on FreeBSD is used with OpenPAM and a forked child process terminates during PAM authentication. This allows remote attackers to cause a denial of service ...

10CVSS8AI score0.99506EPSS
Exploits208References344
Prion
Prion
added 2006/02/27 8:6 p.m.18 views

Stack overflow

Stack-based buffer overflow in the pammicasa PAM authentication module in CASA on Novell Linux Desktop 9 and Open Enterprise Server 1 allows remote attackers to execute arbitrary code via unspecified vectors...

10CVSS9AI score0.06891EPSS
Exploits0References4Affected Software2
CVE
CVE
added 2006/02/27 8:0 p.m.61 views

CVE-2006-0736

CVE-2006-0736 is a stack-based buffer overflow in the pam_micasa PAM authentication module of CASA, affecting Novell Linux Desktop 9 and Open Enterprise Server 1. The vulnerability allows remote code execution and could grant root access, via remote vectors. The SUSE advisory SUSE-SA:2006:010 con...

10CVSS8.2AI score0.06891EPSS
Exploits0References4Affected Software2
Tenable Nessus
Tenable Nessus
added 2006/02/10 12:0 a.m.41 views

Mandrake Linux Security Advisory : openssh (MDKSA-2006:034)

A flaw was discovered in the scp local-to-local copy implementation where filenames that contain shell metacharacters or spaces are expanded twice, which could lead to the execution of arbitrary commands if a local user could be tricked into a scp'ing a specially crafted filename. The provided...

4.6CVSS6.7AI score0.00474EPSS
Exploits1References1
securityvulns
securityvulns
added 2005/09/26 12:0 a.m.42 views

[SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability

------------------------------------------------------------------ SNS Advisory No.83 Webmin/Usermin PAM Authentication Bypass Vulnerability Problem first discovered on: Sun, 04 Sep 2005 Published on: Tue, 20 Sep 2005 ------------------------------------------------------------------ Severity...

7.8AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/09/24 12:0 a.m.34 views

Webmin, Usermin: Remote code execution through PAM authentication

Background Webmin and Usermin are web-based system administration consoles. Webmin allows an administrator to easily configure servers and other features. Usermin allows users to configure their own accounts, execute commands, and read e-mails. Description Keigo Yamazaki discovered that the...

7.5CVSS7AI score0.04127EPSS
Exploits0
Rows per page
Query Builder