Vulnerability Name: CVE-2008-0003 (CCN-39527)

Assigned: 2007-12-03
Published: 2008-01-07
Updated: 2018-10-15
Summary: Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360.
CVSS v3 Severity: 9.6 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
  Exploitability Metrics:
    Attack Vector (AV): Adjacent
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Changed
  Impact Metrics:
    Confidentiality (C): High
    Integrity (I): High
    Availability (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
  7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
  8.3 High (CCN CVSS v2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C)
  6.2 Medium (CCN Temporal CVSS v2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Adjacent_Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
Vulnerability Type: CWE-119, CWE-121
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2008-0003

Source: CCN
Type: CVS Repository
OpenPegasus

Source: CCN
Type: HP Security Bulletin HPSBMA02331 SSRT080000 rev.1
HP-UX running WBEM Services, Remote Execution of Arbitrary Code, Gain Extended Privileges

Source: HP
Type: UNKNOWN
HPSBMA02331

Source: MLIST
Type: UNKNOWN
[Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus

Source: OSVDB
Type: UNKNOWN
40082

Source: CCN
Type: RHSA-2008-0002
Critical: tog-pegasus security update

Source: SECUNIA
Type: Vendor Advisory
28338

Source: CCN
Type: SA28358
OpenPegasus PAM Module Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
28462

Source: CCN
Type: SA29056
IBM AIX Pegasus CIM Server for Director Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
29056

Source: CCN
Type: SA29785
VMware ESX Server Multiple Security Updates

Source: SECUNIA
Type: Vendor Advisory
29785

Source: CCN
Type: SA29986
HP-UX WBEM Services OpenPegasus PAM Module Buffer Overflows

Source: SECUNIA
Type: Vendor Advisory
29986

Source: CCN
Type: SECTRACK ID: 1019159
OpenPegasus Stack Overflow in PAM Authentication Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1019159

Source: CCN
Type: ASA-2008-028
tog-pegasus security update (RHSA-2008-0002)

Source: VIM
Type: UNKNOWN
20080115 vuldb confusion between OpenPegasus issues

Source: CCN
Type: OpenPegasus Web site
OpenPegasus

Source: CCN
Type: OSVDB ID: 40082
OpenPegasus CIM Management Server (tog-pegasus) PAMBasicAuthenticator::PAMCallback Function Remote Overflow

Source: REDHAT
Type: Patch
RHSA-2008:0002

Source: BUGTRAQ
Type: UNKNOWN
20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus

Source: BID
Type: UNKNOWN
27172

Source: CCN
Type: BID-27172
OpenPegasus WBEM CIM Management Server 'PAMBasicAuthenticatorUnix.cpp' Buffer Overflow Vulnerability

Source: BID
Type: Patch
27188

Source: CCN
Type: BID-27188
OpenPegasus Management Server PAM Authentication 'cimservera.cpp' Buffer Overflow Vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2008-0063

Source: VUPEN
Type: Vendor Advisory
ADV-2008-0638

Source: VUPEN
Type: Vendor Advisory
ADV-2008-1234

Source: VUPEN
Type: Vendor Advisory
ADV-2008-1391

Source: CCN
Type: IBM Subscription service Bulletin 4129
IBM Pegasus CIM Server for Director on AIX vulnerabilities

Source: CONFIRM
Type: UNKNOWN
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4129

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=426578

Source: XF
Type: UNKNOWN
openpegasus-pambasic-bo(39527)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10282

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-0506

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-0572

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:redhat:enterprise_linux:4.0:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.0:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.0:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.5.z:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.5.z:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:openpegasus:management_server:2.6.1:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

  • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

  • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

  • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

  • Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.mitre.oval:def:21797 | P | ELSA-2008:0002: tog-pegasus security update (Critical) | 2014-05-26
    oval:org.mitre.oval:def:10282 | V | Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360. | 2013-04-29
    oval:com.redhat.rhsa:def:20080002 | P | RHSA-2008:0002: tog-pegasus security update (Critical) | 2008-01-28