cvelistv5 - cve-2007-5360

CVE-2007-5360 (GCVE-0-2007-5360)

Vulnerability from cvelistv5

Published

2008-01-08 20:00

Modified

2024-08-07 15:31

Severity ?

CWE

Summary

Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than CVE-2008-0003.

References

URL

Tags

cve@mitre.org	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409
cve@mitre.org	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409
cve@mitre.org	http://lists.vmware.com/pipermail/security-announce/2008/000002.html
cve@mitre.org	http://secunia.com/advisories/28358	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/28368	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/28636
cve@mitre.org	http://secunia.com/advisories/29986
cve@mitre.org	http://securityreason.com/securityalert/3538
cve@mitre.org	http://www.attrition.org/pipermail/vim/2008-January/001879.html
cve@mitre.org	http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
cve@mitre.org	http://www.securityfocus.com/archive/1/485936/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/486859/100/0/threaded
cve@mitre.org	http://www.vmware.com/security/advisories/VMSA-2008-0001.html
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0063
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0064
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1391/references
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5360
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/39524
af854a3a-2127-422b-91ae-364da2661108	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409
af854a3a-2127-422b-91ae-364da2661108	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409
af854a3a-2127-422b-91ae-364da2661108	http://lists.vmware.com/pipermail/security-announce/2008/000002.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28358	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28368	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28636
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29986
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3538
af854a3a-2127-422b-91ae-364da2661108	http://www.attrition.org/pipermail/vim/2008-January/001879.html
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/485936/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/486859/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2008-0001.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0063
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0064
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1391/references
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5360
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/39524

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:31:57.604Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "3538",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3538"
          },
          {
            "name": "openpegasus-pam-bo(39524)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39524"
          },
          {
            "name": "SUSE-SR:2008:002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html"
          },
          {
            "name": "29986",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29986"
          },
          {
            "name": "HPSBMA02331",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5360"
          },
          {
            "name": "20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
          },
          {
            "name": "20080115 vuldb confusion between OpenPegasus issues",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://www.attrition.org/pipermail/vim/2008-January/001879.html"
          },
          {
            "name": "ADV-2008-0063",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0063"
          },
          {
            "name": "[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
          },
          {
            "name": "28368",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28368"
          },
          {
            "name": "ADV-2008-1391",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1391/references"
          },
          {
            "name": "SSRT080000",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409"
          },
          {
            "name": "28636",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28636"
          },
          {
            "name": "28358",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28358"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
          },
          {
            "name": "ADV-2008-0064",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0064"
          },
          {
            "name": "20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than CVE-2008-0003."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "3538",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3538"
        },
        {
          "name": "openpegasus-pam-bo(39524)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39524"
        },
        {
          "name": "SUSE-SR:2008:002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html"
        },
        {
          "name": "29986",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29986"
        },
        {
          "name": "HPSBMA02331",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5360"
        },
        {
          "name": "20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
        },
        {
          "name": "20080115 vuldb confusion between OpenPegasus issues",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://www.attrition.org/pipermail/vim/2008-January/001879.html"
        },
        {
          "name": "ADV-2008-0063",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0063"
        },
        {
          "name": "[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
        },
        {
          "name": "28368",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28368"
        },
        {
          "name": "ADV-2008-1391",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1391/references"
        },
        {
          "name": "SSRT080000",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409"
        },
        {
          "name": "28636",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28636"
        },
        {
          "name": "28358",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28358"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
        },
        {
          "name": "ADV-2008-0064",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0064"
        },
        {
          "name": "20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5360",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than CVE-2008-0003."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "3538",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3538"
            },
            {
              "name": "openpegasus-pam-bo(39524)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39524"
            },
            {
              "name": "SUSE-SR:2008:002",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html"
            },
            {
              "name": "29986",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29986"
            },
            {
              "name": "HPSBMA02331",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5360",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5360"
            },
            {
              "name": "20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
            },
            {
              "name": "20080115 vuldb confusion between OpenPegasus issues",
              "refsource": "VIM",
              "url": "http://www.attrition.org/pipermail/vim/2008-January/001879.html"
            },
            {
              "name": "ADV-2008-0063",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0063"
            },
            {
              "name": "[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
              "refsource": "MLIST",
              "url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
            },
            {
              "name": "28368",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28368"
            },
            {
              "name": "ADV-2008-1391",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1391/references"
            },
            {
              "name": "SSRT080000",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409"
            },
            {
              "name": "28636",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28636"
            },
            {
              "name": "28358",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28358"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
            },
            {
              "name": "ADV-2008-0064",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0064"
            },
            {
              "name": "20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5360",
    "datePublished": "2008-01-08T20:00:00",
    "dateReserved": "2007-10-10T00:00:00",
    "dateUpdated": "2024-08-07T15:31:57.604Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-5360\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-01-08T20:46:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than CVE-2008-0003.\"},{\"lang\":\"es\",\"value\":\"El desbordamiento de b\u00fafer en OpenPegasus Management Server, cuando es compilado para usar PAM y con PEGASUS_USE_PAM_STANDALONE_PROC definido, tal como se usa en VMWare ESX Server versi\u00f3n 3.0.1 y versi\u00f3n  3.0.2, podr\u00eda permitir que los atacantes remotos ejecuten c\u00f3digo arbitrario por medio de vectores relacionados con la autenticaci\u00f3n PAM, una vulnerabilidad diferente de CVE-2008-0003.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openpegasus:management_server:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B6F73FB-2E43-4A9D-9EF0-019DA9977E10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C3613B7-CA1B-4C9A-9076-A2894202DDA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE7ECF1C-285C-4AA3-8B66-28EDAB0763E8\"}]}]}],\"references\":[{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.vmware.com/pipermail/security-announce/2008/000002.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/28358\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/28368\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/28636\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/29986\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/3538\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.attrition.org/pipermail/vim/2008-January/001879.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.novell.com/linux/security/advisories/suse_security_summary_report.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/485936/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/486859/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2008-0001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0063\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0064\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1391/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5360\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/39524\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.vmware.com/pipermail/security-announce/2008/000002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28358\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/28368\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/28636\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/29986\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/3538\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.attrition.org/pipermail/vim/2008-January/001879.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.novell.com/linux/security/advisories/suse_security_summary_report.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/485936/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/486859/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2008-0001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0063\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0064\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1391/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5360\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/39524\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Not vulnerable. This issue did not affect versions of tog-pegasus as shipped with Red Hat Enterprise Linux 4, or 5.  For more details see\\nhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5360\",\"lastModified\":\"2008-01-09T00:00:00\"}]}}"
  }
}

gsd-2007-5360

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-5360

Aliases

CVE-2007-5360

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-5360",
    "description": "Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than CVE-2008-0003.",
    "id": "GSD-2007-5360",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-5360.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-5360"
      ],
      "details": "Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than CVE-2008-0003.",
      "id": "GSD-2007-5360",
      "modified": "2023-12-13T01:21:40.648804Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-5360",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than CVE-2008-0003."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "3538",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3538"
          },
          {
            "name": "openpegasus-pam-bo(39524)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39524"
          },
          {
            "name": "SUSE-SR:2008:002",
            "refsource": "SUSE",
            "url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html"
          },
          {
            "name": "29986",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29986"
          },
          {
            "name": "HPSBMA02331",
            "refsource": "HP",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5360",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5360"
          },
          {
            "name": "20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
          },
          {
            "name": "20080115 vuldb confusion between OpenPegasus issues",
            "refsource": "VIM",
            "url": "http://www.attrition.org/pipermail/vim/2008-January/001879.html"
          },
          {
            "name": "ADV-2008-0063",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0063"
          },
          {
            "name": "[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
            "refsource": "MLIST",
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
          },
          {
            "name": "28368",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28368"
          },
          {
            "name": "ADV-2008-1391",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1391/references"
          },
          {
            "name": "SSRT080000",
            "refsource": "HP",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409"
          },
          {
            "name": "28636",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28636"
          },
          {
            "name": "28358",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28358"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
          },
          {
            "name": "ADV-2008-0064",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0064"
          },
          {
            "name": "20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openpegasus:management_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5360"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than CVE-2008-0003."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28358",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28358"
            },
            {
              "name": "[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
            },
            {
              "name": "28368",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28368"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5360",
              "refsource": "MISC",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5360"
            },
            {
              "name": "20080115 vuldb confusion between OpenPegasus issues",
              "refsource": "VIM",
              "tags": [],
              "url": "http://www.attrition.org/pipermail/vim/2008-January/001879.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
            },
            {
              "name": "SUSE-SR:2008:002",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html"
            },
            {
              "name": "28636",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/28636"
            },
            {
              "name": "3538",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/3538"
            },
            {
              "name": "29986",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29986"
            },
            {
              "name": "ADV-2008-1391",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/1391/references"
            },
            {
              "name": "HPSBMA02331",
              "refsource": "HP",
              "tags": [],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409"
            },
            {
              "name": "ADV-2008-0064",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0064"
            },
            {
              "name": "ADV-2008-0063",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0063"
            },
            {
              "name": "openpegasus-pam-bo(39524)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39524"
            },
            {
              "name": "20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
            },
            {
              "name": "20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-30T16:26Z",
      "publishedDate": "2008-01-08T20:46Z"
    }
  }
}

fkie_cve-2007-5360

Vulnerability from fkie_nvd

Published

2008-01-08 20:46

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409
cve@mitre.org	http://lists.vmware.com/pipermail/security-announce/2008/000002.html
cve@mitre.org	http://secunia.com/advisories/28358	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/28368	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/28636
cve@mitre.org	http://secunia.com/advisories/29986
cve@mitre.org	http://securityreason.com/securityalert/3538
cve@mitre.org	http://www.attrition.org/pipermail/vim/2008-January/001879.html
cve@mitre.org	http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
cve@mitre.org	http://www.securityfocus.com/archive/1/485936/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/486859/100/0/threaded
cve@mitre.org	http://www.vmware.com/security/advisories/VMSA-2008-0001.html
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0063
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0064
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1391/references
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5360
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/39524
af854a3a-2127-422b-91ae-364da2661108	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409
af854a3a-2127-422b-91ae-364da2661108	http://lists.vmware.com/pipermail/security-announce/2008/000002.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28358	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28368	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28636
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29986
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3538
af854a3a-2127-422b-91ae-364da2661108	http://www.attrition.org/pipermail/vim/2008-January/001879.html
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/485936/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/486859/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2008-0001.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0063
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0064
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1391/references
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5360
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/39524

Impacted products

Vendor	Product	Version
openpegasus	management_server	*
vmware	esx	3.0.1
vmware	esx	3.0.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openpegasus:management_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B6F73FB-2E43-4A9D-9EF0-019DA9977E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C3613B7-CA1B-4C9A-9076-A2894202DDA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE7ECF1C-285C-4AA3-8B66-28EDAB0763E8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than CVE-2008-0003."
    },
    {
      "lang": "es",
      "value": "El desbordamiento de b\u00fafer en OpenPegasus Management Server, cuando es compilado para usar PAM y con PEGASUS_USE_PAM_STANDALONE_PROC definido, tal como se usa en VMWare ESX Server versi\u00f3n 3.0.1 y versi\u00f3n  3.0.2, podr\u00eda permitir que los atacantes remotos ejecuten c\u00f3digo arbitrario por medio de vectores relacionados con la autenticaci\u00f3n PAM, una vulnerabilidad diferente de CVE-2008-0003."
    }
  ],
  "id": "CVE-2007-5360",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-01-08T20:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28358"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28368"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28636"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29986"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3538"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.attrition.org/pipermail/vim/2008-January/001879.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0063"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0064"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1391/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5360"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39524"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28358"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28368"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28636"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29986"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3538"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.attrition.org/pipermail/vim/2008-January/001879.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0063"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0064"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1391/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5360"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39524"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect versions of tog-pegasus as shipped with Red Hat Enterprise Linux 4, or 5.  For more details see\nhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5360",
      "lastModified": "2008-01-09T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-79mv-qv9r-5fvw

Vulnerability from github

Published

2022-05-01 18:32

Modified

2022-05-01 18:32

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-5360"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-01-08T20:46:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than CVE-2008-0003.",
  "id": "GHSA-79mv-qv9r-5fvw",
  "modified": "2022-05-01T18:32:27Z",
  "published": "2022-05-01T18:32:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5360"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5360"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39524"
    },
    {
      "type": "WEB",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409"
    },
    {
      "type": "WEB",
      "url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28358"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28368"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28636"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29986"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3538"
    },
    {
      "type": "WEB",
      "url": "http://www.attrition.org/pipermail/vim/2008-January/001879.html"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0063"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0064"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1391/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2008-AVI-008

Vulnerability from certfr_avis

De multiples vulnérabilités sur VMWare ESX Server et VirtualCenter Management Server permettent notamment à une personne malintentionnée distante d'exécuter du code arbitraire.

Description

De multiples vulnérabilités existent sur VMWare ESX Server. Celles-ci concernent des modules ou logiciels utilisés par le serveur et récemment mis à jour : OpenPegasus, Tomcat, Samba, OpenSSL, JRE, util-linux, et Perl. Certaines de ces failles permettent notamment à une personne malintentionnée distante d'exécuter du code arbitraire.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VirtualCenter Management Server 2.
VMware	N/A	VMWare ESX Server 2.0.x ;
VMware	N/A	VMWare ESX Server 3.0.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMWare VMSA-2008-0001 du 07 janvier 2008	None	vendor-advisory
Bulletin de sécurité VMWare VMSA-2008-0002 du 07 janvier 2008	None	vendor-advisory
Bulletin de sécurité VMWare VMSA-2008-0002 du 07 janvier 2008 :	-	other
Bulletin de sécurité VMWare VMSA-2008-0001 du 07 janvier 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VirtualCenter Management Server 2.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMWare ESX Server 2.0.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMWare ESX Server 3.0.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s existent sur VMWare ESX Server. Celles-ci\nconcernent des modules ou logiciels utilis\u00e9s par le serveur et r\u00e9cemment\nmis \u00e0 jour : OpenPegasus, Tomcat, Samba, OpenSSL, JRE, util-linux, et\nPerl. Certaines de ces failles permettent notamment \u00e0 une personne\nmalintentionn\u00e9e distante d\u0027ex\u00e9cuter du code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5360"
    },
    {
      "name": "CVE-2007-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0450"
    },
    {
      "name": "CVE-2007-5135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5135"
    },
    {
      "name": "CVE-2007-5116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5116"
    },
    {
      "name": "CVE-2007-3004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3004"
    },
    {
      "name": "CVE-2005-2090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-2090"
    },
    {
      "name": "CVE-2007-5398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5398"
    },
    {
      "name": "CVE-2007-3108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3108"
    },
    {
      "name": "CVE-2007-4572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4572"
    },
    {
      "name": "CVE-2006-7195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-7195"
    },
    {
      "name": "CVE-2007-5191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5191"
    }
  ],
  "initial_release_date": "2008-01-08T00:00:00",
  "last_revision_date": "2008-01-08T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMWare VMSA-2008-0002 du 07 janvier    2008 :",
      "url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMWare VMSA-2008-0001 du 07 janvier    2008 :",
      "url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
    }
  ],
  "reference": "CERTA-2008-AVI-008",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-01-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s sur \u003cspan class=\"textit\"\u003eVMWare ESX\nServer\u003c/span\u003e et \u003cspan class=\"textit\"\u003eVirtualCenter Management\nServer\u003c/span\u003e permettent notamment \u00e0 une personne malintentionn\u00e9e\ndistante d\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMWare VMSA-2008-0001 du 07 janvier 2008",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMWare VMSA-2008-0002 du 07 janvier 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-236

Vulnerability from certfr_avis

Des vulnérabilités de HP-UX WBEM Services permettent d'exécuter du code arbitraire à distance ou d'élever ses privilèges.

Description

Des vulnérabilités de HP-UX Web-Based Entreprise Management Services (WBEM Services) permettent à un individu distant malintentionné d'exécuter du code arbitraire ou d'élever ses privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	HP-UX B.11.x WBEM Services versions antérieures à A.02.05.08.

References

Title

Publication Time

Tags

Bulletin de sécurité HP-UX c01438409 du 05 mai 2008	None	vendor-advisory
Bulletin de sécurité HP c01438409 du 05 mai 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "HP-UX B.11.x WBEM Services versions ant\u00e9rieures \u00e0 A.02.05.08.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDes vuln\u00e9rabilit\u00e9s de HP-UX Web-Based Entreprise Management Services\n(WBEM Services) permettent \u00e0 un individu distant malintentionn\u00e9\nd\u0027ex\u00e9cuter du code arbitraire ou d\u0027\u00e9lever ses privil\u00e8ges.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5360"
    },
    {
      "name": "CVE-2008-0003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0003"
    }
  ],
  "initial_release_date": "2008-05-09T00:00:00",
  "last_revision_date": "2008-05-09T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP c01438409 du 05 mai 2008 :",
      "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c01438409"
    }
  ],
  "reference": "CERTA-2008-AVI-236",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-05-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Des vuln\u00e9rabilit\u00e9s de HP-UX WBEM Services permettent d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance ou d\u0027\u00e9lever ses privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans HP-UX WBEM Services",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP-UX c01438409 du 05 mai 2008",
      "url": null
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-5360 (GCVE-0-2007-5360)

Vulnerability from cvelistv5

gsd-2007-5360

Vulnerability from gsd

fkie_cve-2007-5360

Vulnerability from fkie_nvd

ghsa-79mv-qv9r-5fvw

Vulnerability from github

CERTA-2008-AVI-008

Vulnerability from certfr_avis

Description

Solution

CERTA-2008-AVI-236

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature