CVE-2008-0003

Published: Jan 8, 2008Modified: Apr 23, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360.

Affected (1)

Products: Openpegasus: Management Server

Openpegasus

1 product

Management Server

Configuration A

1 vulnerable · 7 platform

Vulnerable Software	Affected Versions
Openpegasus Management Server	Version 2.6.1

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 4.0
Redhat Enterprise Linux	Version 4.0
Redhat Enterprise Linux	Version 4.0
Redhat Enterprise Linux	Version 4.5.z
Redhat Enterprise Linux	Version 4.5.z
Redhat Enterprise Linux Desktop	Version 4.0
Redhat Enterprise Linux Desktop	Version 5.0

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (48)

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409

Source: secalert@redhat.com

http://lists.vmware.com/pipermail/security-announce/2008/000014.html

Source: secalert@redhat.com

http://osvdb.org/40082

Source: secalert@redhat.com

http://secunia.com/advisories/28338

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/28462

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/29056

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/29785

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/29986

Source: secalert@redhat.com

Vendor Advisory

http://securitytracker.com/id?1019159

Source: secalert@redhat.com

http://www.attrition.org/pipermail/vim/2008-January/001879.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2008-0002.html

Source: secalert@redhat.com

Patch

http://www.securityfocus.com/archive/1/490917/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/bid/27172

Source: secalert@redhat.com

http://www.securityfocus.com/bid/27188

Source: secalert@redhat.com

Patch

http://www.vupen.com/english/advisories/2008/0063

Source: secalert@redhat.com

Vendor Advisory

http://www.vupen.com/english/advisories/2008/0638

Source: secalert@redhat.com

Vendor Advisory

http://www.vupen.com/english/advisories/2008/1234/references

Source: secalert@redhat.com

Vendor Advisory

http://www.vupen.com/english/advisories/2008/1391/references

Source: secalert@redhat.com

Vendor Advisory

http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4129

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=426578

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/39527

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10282

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00424.html

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00480.html

Source: secalert@redhat.com

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409