ID CVE-2008-4315
Summary tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:client:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:client:*:*:*:*:*
  • cpe:2.3:a:openpegasus:openpegasus_wbem:2.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:openpegasus:openpegasus_wbem:2.7.0:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 29-09-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
oval via4
accepted 2013-04-29T04:19:21.914-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks.
family unix
id oval:org.mitre.oval:def:9431
status accepted
submitted 2010-07-09T03:56:16-04:00
title tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks.
version 18
redhat via4
advisories
bugzilla
id 472017
title CVE-2008-4315 tog-pegasus: failed authentication attempts not logged via PAM
oval
AND
  • comment Red Hat Enterprise Linux 5 is installed
    oval oval:com.redhat.rhba:tst:20070331001
  • OR
    • AND
      • comment tog-pegasus is earlier than 2:2.7.0-2.el5_2.1
        oval oval:com.redhat.rhsa:tst:20081001002
      • comment tog-pegasus is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20080002010
    • AND
      • comment tog-pegasus-devel is earlier than 2:2.7.0-2.el5_2.1
        oval oval:com.redhat.rhsa:tst:20081001004
      • comment tog-pegasus-devel is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20080002012
rhsa
id RHSA-2008:1001
released 2008-11-25
severity Important
title RHSA-2008:1001: tog-pegasus security update (Important)
rpms
  • tog-pegasus-2:2.7.0-2.el5_2.1
  • tog-pegasus-devel-2:2.7.0-2.el5_2.1
refmap via4
confirm
osvdb 50278
sectrack 1021281
secunia 32862
xf togpegasus-systemlog-weak-security(46830)
Last major update 29-09-2017 - 01:32
Published 27-11-2008 - 00:30
Back to Top