漏洞信息详情
OpenPegasus CIM管理服务器PAM认证模块远程栈溢出漏洞
- CNNVD编号:CNNVD-200801-100
- 危害等级: 高危
- CVE编号: CVE-2008-0003
- 漏洞类型: 缓冲区溢出
- 发布时间: 2008-01-08
- 威胁类型: 远程
- 更新时间: 2009-02-21
- 厂 商: redhat
- 漏洞来源: Mark J. Cox
漏洞简介
OpenPegasus CIM management server中的PAM BasicAuthenticator::PAMCallback函数存在一个缓冲溢出漏洞。当调用PAM没有对PEGASUS_USE_PAM_STANDALONE_PROC进行定义,可能使得攻击者通过未知的向量执行任意代码。
漏洞公告
目前厂商还没有提供补丁或者升级程序,建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.openpegasus.org/
参考网址
来源: BID
名称: 27188
链接:http://www.securityfocus.com/bid/27188
来源: REDHAT
名称: RHSA-2008:0002
链接:http://www.redhat.com/support/errata/RHSA-2008-0002.HTML
来源: VUPEN
名称: ADV-2008-0063
链接:http://www.frsirt.com/english/advisories/2008/0063
来源: FEDORA
名称: FEDORA-2008-0572
链接:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00480.HTML
来源: FEDORA
名称: FEDORA-2008-0506
链接:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00424.HTML
来源: bugzilla.redhat.com
链接:https://bugzilla.redhat.com/show_bug.cgi?id=426578
来源: XF
名称: openpegasus-pambasic-bo(39527)
链接:http://xforce.iss.net/xforce/xfdb/39527
来源: www14.software.ibm.com
链接:http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4129
来源: BID
名称: 27172
链接:http://www.securityfocus.com/bid/27172
来源: BUGTRAQ
名称: 20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus
链接:http://www.securityfocus.com/archive/1/archive/1/490917/100/0/threaded
来源: VUPEN
名称: ADV-2008-1391
链接:http://www.frsirt.com/english/advisories/2008/1391/references
来源: VUPEN
名称: ADV-2008-1234
链接:http://www.frsirt.com/english/advisories/2008/1234/references
来源: VUPEN
名称: ADV-2008-0638
链接:http://www.frsirt.com/english/advisories/2008/0638
来源: VIM
名称: 20080115 vuldb confusion between OpenPegasus issues
链接:http://www.attrition.org/pipermail/vim/2008-January/001879.HTML
来源: SECTRACK
名称: 1019159
链接:http://securitytracker.com/id?1019159
来源: SECUNIA
名称: 29986
链接:http://secunia.com/advisories/29986
来源: SECUNIA
名称: 29785
链接:http://secunia.com/advisories/29785
来源: SECUNIA
名称: 29056
链接:http://secunia.com/advisories/29056
来源: SECUNIA
名称: 28462
链接:http://secunia.com/advisories/28462
来源: SECUNIA
名称: 28338
链接:http://secunia.com/advisories/28338
来源: OSVDB
名称: 40082
链接:http://osvdb.org/40082
来源: MLIST
名称: [Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus
链接:http://lists.vmware.com/pipermail/security-announce/2008/000014.HTML
来源: HP
名称: HPSBMA02331
链接:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409
来源:NSFOCUS 名称:11364 链接:http://www.nsfocus.net/vulndb/11364
受影响实体
- Redhat Enterprise_linux_desktop:5.0
- Redhat Enterprise_linux_desktop:4.0
- Redhat Enterprise_linux:4.5.Z:Es
- Redhat Enterprise_linux:4.5.Z:As
- Redhat Enterprise_linux:4.0:Ws
补丁
暂无
评论