213 matches found
Fedora 7 : tog-pegasus-2.6.0-3.fc7 (2008-0506)
Thu Jan 10 2008 Vitezslav Crhonek - 2.6.0-3 - Fix PAM authentication buffer overflow CVE-2008-0003 Resolves: 427828 - Wed Mar 28 2007 Vitezslav Crhonek - 2.6.0-2 - Update changelog - Build with Open Pegasus' Makefiles, istall with RedHats Mark Hamzy Note that Tenable Network Security has...
Fedora 8 : tog-pegasus-2.6.1-3.fc8 (2008-0572)
Thu Jan 10 2008 Vitezslav Crhonek - 2.6.1-3 - Fix PAM authentication buffer overflow CVE-2008-0003 Resolves: 427829 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format...
OpenPegasus管理服务器PAM认证模块远程栈溢出漏洞
BUGTRAQ ID: 27188,27172 CVECAN ID: CVE-2008-0003,CVE-2007-5360 OpenPegasus是一个开源项目,用于实现DMTF CIM和WBEM企业管理标准。 OpenPegasus的PAM认证模块实现上存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞控制服务器。 OpenPegasus的PAM认证模块中的PAMBasicAuthenticator::PAMCallback函数存在缓冲区溢出漏洞: // // copy the user password // respi-resp = char mallocPAMMAXMSGSIZE;...
CVE-2007-5360
Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUSUSEPAMSTANDALONEPROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than...
Buffer overflow
Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUSUSEPAMSTANDALONEPROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than...
CVE-2007-5360
CVE-2007-5360 : A stack-based buffer overflow in the PAM-authenticated OpenPegasus Management server can allow a remote attacker to execute arbitrary code when OpenPegasus is compiled with PAM support (PEGASUS_USE_PAM_STANDALONE_PROC not defined). This affects VMware ESX Server 3.0.1/3.0.2 deploy...
RHEL 4 / 5 : tog-pegasus (RHSA-2008:0002)
Updated tog-pegasus packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The tog-pegasus packages provide OpenPegasus Web-Based Enterprise Management WBEM...
tog-pegasus pam authentication buffer overflow
Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server tog-pegasus, when compiled to use PAM and without PEGASUSUSEPAMSTANDALONEPROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different...
Critical: tog-pegasus security update
2.6.1-2.el51.1.0.1 - Added pegasus-enterprise.patch to allow detection of enterprise-release 2.6.1-2.el51.1 - Fix PAM authentication buffer overflow CVE-2008-0003 Resolves: 427213...
cdda2wav, cdrecord, mkisofs, pam security update
CentOS Errata and Security Advisory CESA-2007:0465 Updated pam packages that resolves several bugs and security flaws are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pluggable Authentication...
MDKA-2006:034 : ipsec-tools
IPsec-Tools1 is a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation. This update fixes a few issues and introduces new functionalities to the package provided for Mandriva 2006 users: - fixed tunnel mode connection 19460 2 - fixed GSSAPI build - version update: 0.6.6 - enabled...
MDKA-2007:001 : samba
A number of minor issues were present in the samba packages shipped with Mandriva 2007.0. For users with filesystem quotas, samba would not indicate the remaining quota as the free disk space as intended. Problems with storing accounts with upper-case usernames in the smbpasswd passdb backend...
yet another OpenSSH timing leak?
Hello Bugtraq, Here we are again... During a recent penetration test i stumbled upon yet another OpenSSH timing leak, leading to remote disclosure of valid usernames. It's not as big as the one i found in the past CVE-2003-0190, but it can indeed be exploited over the Internet, nevertheless. This...
CVE-2006-0883
OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service client connection refusal by connecting multiple times to the SSH server, waiting for the...
PT-2006-1929 · Freebsd +1 · Openam +2
Name of the Vulnerable Software and Affected Versions: OpenSSH on FreeBSD versions 5.3 through 5.4 Description: The issue arises when OpenSSH on FreeBSD is used with OpenPAM and a forked child process terminates during PAM authentication. This allows remote attackers to cause a denial of service ...
Stack overflow
Stack-based buffer overflow in the pammicasa PAM authentication module in CASA on Novell Linux Desktop 9 and Open Enterprise Server 1 allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2006-0736
CVE-2006-0736 is a stack-based buffer overflow in the pam_micasa PAM authentication module of CASA, affecting Novell Linux Desktop 9 and Open Enterprise Server 1. The vulnerability allows remote code execution and could grant root access, via remote vectors. The SUSE advisory SUSE-SA:2006:010 con...
Mandrake Linux Security Advisory : openssh (MDKSA-2006:034)
A flaw was discovered in the scp local-to-local copy implementation where filenames that contain shell metacharacters or spaces are expanded twice, which could lead to the execution of arbitrary commands if a local user could be tricked into a scp'ing a specially crafted filename. The provided...
[SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability
------------------------------------------------------------------ SNS Advisory No.83 Webmin/Usermin PAM Authentication Bypass Vulnerability Problem first discovered on: Sun, 04 Sep 2005 Published on: Tue, 20 Sep 2005 ------------------------------------------------------------------ Severity...
Webmin, Usermin: Remote code execution through PAM authentication
Background Webmin and Usermin are web-based system administration consoles. Webmin allows an administrator to easily configure servers and other features. Usermin allows users to configure their own accounts, execute commands, and read e-mails. Description Keigo Yamazaki discovered that the...