CVE-2008-4313

Published: Nov 27, 2008Modified: Apr 23, 2026

6.0

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability: 6.8 / Impact: 6.4

Source: NVD

Description

A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services.

Affected (2)

Products: Redhat: Enterprise Linux, Enterprise Linux Desktop

Redhat

2 products

Enterprise Linux

Enterprise Linux Desktop

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 5.0
Redhat Enterprise Linux Desktop	Version 5.0

Running on/with	Platform Versions
Openpegasus Openpegasus Wbem	Version 2.7.0

Related CWEs

CWE-264

References (20)

http://osvdb.org/50277

Source: secalert@redhat.com

http://secunia.com/advisories/32862

Source: secalert@redhat.com

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2008-1001.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/32460

Source: secalert@redhat.com

http://www.securitytracker.com/id?1021283

Source: secalert@redhat.com

https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9

Source: secalert@redhat.com

https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10

Source: secalert@redhat.com

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=459217

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/46829

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9556

Source: secalert@redhat.com

http://osvdb.org/50277