{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-01-07T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "openpegasus-pambasic-bo(39527)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39527"}, {"name": "40082", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/40082"}, {"name": "28462", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28462"}, {"name": "FEDORA-2008-0506", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00424.html"}, {"name": "29986", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29986"}, {"name": "29056", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29056"}, {"name": "HPSBMA02331", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409"}, {"name": "20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/490917/100/0/threaded"}, {"name": "20080115 vuldb confusion between OpenPegasus issues", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://www.attrition.org/pipermail/vim/2008-January/001879.html"}, {"name": "ADV-2008-0063", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0063"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4129"}, {"name": "27188", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27188"}, {"name": "29785", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29785"}, {"name": "ADV-2008-1234", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1234/references"}, {"name": "FEDORA-2008-0572", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00480.html"}, {"name": "ADV-2008-1391", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1391/references"}, {"name": "RHSA-2008:0002", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0002.html"}, {"name": "oval:org.mitre.oval:def:10282", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10282"}, {"name": "ADV-2008-0638", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0638"}, {"name": "27172", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27172"}, {"name": "SSRT080000", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409"}, {"name": "1019159", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1019159"}, {"name": "[Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000014.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=426578"}, {"name": "28338", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28338"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2008-0003", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openpegasus-pambasic-bo(39527)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39527"}, {"name": "40082", "refsource": "OSVDB", "url": "http://osvdb.org/40082"}, {"name": "28462", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28462"}, {"name": "FEDORA-2008-0506", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00424.html"}, {"name": "29986", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29986"}, {"name": "29056", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29056"}, {"name": "HPSBMA02331", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409"}, {"name": "20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/490917/100/0/threaded"}, {"name": "20080115 vuldb confusion between OpenPegasus issues", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2008-January/001879.html"}, {"name": "ADV-2008-0063", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0063"}, {"name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4129", "refsource": "CONFIRM", "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4129"}, {"name": "27188", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27188"}, {"name": "29785", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29785"}, {"name": "ADV-2008-1234", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1234/references"}, {"name": "FEDORA-2008-0572", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00480.html"}, {"name": "ADV-2008-1391", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1391/references"}, {"name": "RHSA-2008:0002", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0002.html"}, {"name": "oval:org.mitre.oval:def:10282", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10282"}, {"name": "ADV-2008-0638", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0638"}, {"name": "27172", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27172"}, {"name": "SSRT080000", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409"}, {"name": "1019159", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1019159"}, {"name": "[Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2008/000014.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=426578", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=426578"}, {"name": "28338", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28338"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:32:23.252Z"}, "title": "CVE Program Container", "references": [{"name": "openpegasus-pambasic-bo(39527)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39527"}, {"name": "40082", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/40082"}, {"name": "28462", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28462"}, {"name": "FEDORA-2008-0506", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00424.html"}, {"name": "29986", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29986"}, {"name": "29056", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29056"}, {"name": "HPSBMA02331", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409"}, {"name": "20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/490917/100/0/threaded"}, {"name": "20080115 vuldb confusion between OpenPegasus issues", "tags": ["mailing-list", "x_refsource_VIM", "x_transferred"], "url": "http://www.attrition.org/pipermail/vim/2008-January/001879.html"}, {"name": "ADV-2008-0063", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0063"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4129"}, {"name": "27188", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27188"}, {"name": "29785", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29785"}, {"name": "ADV-2008-1234", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1234/references"}, {"name": "FEDORA-2008-0572", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00480.html"}, {"name": "ADV-2008-1391", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1391/references"}, {"name": "RHSA-2008:0002", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0002.html"}, {"name": "oval:org.mitre.oval:def:10282", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10282"}, {"name": "ADV-2008-0638", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0638"}, {"name": "27172", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27172"}, {"name": "SSRT080000", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409"}, {"name": "1019159", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1019159"}, {"name": "[Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000014.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=426578"}, {"name": "28338", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28338"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-0003", "datePublished": "2008-01-08T20:00:00", "dateReserved": "2007-12-03T00:00:00", "dateUpdated": "2024-08-07T07:32:23.252Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:as:*:*:*:*:*", "matchCriteriaId": "49EF5B77-9BC9-4AE8-A677-48E5E576BE63", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:es:*:*:*:*:*", "matchCriteriaId": "36389D32-61C1-4487-8399-FA7D2864FACD", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:ws:*:*:*:*:*", "matchCriteriaId": "49B67F74-AF8F-4A27-AA8A-A8479E256A9F", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.5.z:*:as:*:*:*:*:*", "matchCriteriaId": "9E17C039-50DC-487F-B800-8694C2E733FA", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.5.z:*:es:*:*:*:*:*", "matchCriteriaId": "B380DA56-B6E4-4735-A66C-EE29B56D7A52", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "7D74A418-50F0-42C0-ABBC-BBBE718FF025", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:openpegasus:management_server:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "718022C2-CA80-44CB-ACF9-A24FBF5ABDA6", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360."}, {"lang": "es", "value": "Un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria en la funci\u00f3n PAMBasicAuthenticator::PAMCallback en el servidor de administraci\u00f3n de OpenPegasus CIM (tog-pegasus), cuando es compilado para usar PAM y sin PEGASUS_USE_PAM_STANDALONE_PROC definida, podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de vectores desconocidos, una vulnerabilidad diferente de CVE -2007-5360."}], "id": "CVE-2008-0003", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-01-08T20:46:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409"}, {"source": "secalert@redhat.com", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409"}, {"source": "secalert@redhat.com", "url": "http://lists.vmware.com/pipermail/security-announce/2008/000014.html"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/40082"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28338"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28462"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29056"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29785"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29986"}, {"source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1019159"}, {"source": "secalert@redhat.com", "url": "http://www.attrition.org/pipermail/vim/2008-January/001879.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0002.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/490917/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/27172"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/27188"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/0063"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/0638"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1234/references"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1391/references"}, {"source": "secalert@redhat.com", "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4129"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=426578"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39527"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10282"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00424.html"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00480.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.vmware.com/pipermail/security-announce/2008/000014.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/40082"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28338"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28462"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29056"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29785"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29986"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1019159"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.attrition.org/pipermail/vim/2008-January/001879.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/490917/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27172"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/27188"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/0063"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/0638"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1234/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1391/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4129"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=426578"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39527"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10282"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00424.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00480.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2008:0002", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "tog-pegasus-2:2.5.1-5.el4_6.1", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2008-01-07T00:00:00Z"}, {"advisory": "RHSA-2008:0002", "cpe": "cpe:/o:redhat:rhel_eus:4.5", "package": "tog-pegasus-2:2.5.1-2.el4_5.1", "product_name": "Red Hat Enterprise Linux 4.5 Z Stream", "release_date": "2008-01-07T00:00:00Z"}, {"advisory": "RHSA-2008:0002", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "tog-pegasus-2:2.6.1-2.el5_1.1", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2008-01-07T00:00:00Z"}], "bugzilla": {"description": "tog-pegasus pam authentication buffer overflow", "id": "426578", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=426578"}, "csaw": false, "cwe": "CWE-121", "details": ["Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360."], "mitigation": {"lang": "en:us", "value": "The tog-pegasus package is not installed by default on Red Hat Enterprise Linux. \ntog-pegasus supplied by Red Hat binds only to one port (as plain http is\ndisabled), port 5989. The default firewall installed by Red Hat Enterprise\nLinux will block remote access to this port. In normal use it's unlikely you'd\nwant to have this port accessible outside of an intranet anyway, and it's likely\nto be blocked by enterprise border firewalls.\nHowever if tog-pegasus has been installed and unblocked through the fireware,\nthe Red Hat Security Response Team believes that it would still be hard to\nremotely exploit this issue to execute arbitrary code due to the default SELinux\ntargeted policy on Enterprise Linux 4 and 5, and the SELinux memory protections\nenabled by default on Enterprise Linux 5."}, "name": "CVE-2008-0003", "public_date": "2008-01-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2008-0003\nhttps://nvd.nist.gov/vuln/detail/CVE-2008-0003"], "threat_severity": "Critical"}