CVE-2008-4313

EUVD-2008-4294
A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
redhatenterprise_linux
5.0
redhatenterprise_linux_desktop
5.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/50277
http://secunia.com/advisories/32862
http://www.redhat.com/support/errata/RHSA-2008-1001.html
http://www.securityfocus.com/bid/32460
http://www.securitytracker.com/id?1021283
https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9
https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10
https://bugzilla.redhat.com/show_bug.cgi?id=459217
https://exchange.xforce.ibmcloud.com/vulnerabilities/46829
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9556
http://osvdb.org/50277
http://secunia.com/advisories/32862
http://www.redhat.com/support/errata/RHSA-2008-1001.html
http://www.securityfocus.com/bid/32460
http://www.securitytracker.com/id?1021283
https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9
https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10
https://bugzilla.redhat.com/show_bug.cgi?id=459217
https://exchange.xforce.ibmcloud.com/vulnerabilities/46829
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9556