CVE-2008-4315 - Unspecified vulnerability in Redhat Enterprise Linux and Enterprise Linux Desktop
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
redhat
nessus
Summary
tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 2 |
Application | | 1 |
Nessus
- NASL family: Oracle Linux Local Security Checks
  - NASL id: ORACLELINUX_ELSA-2008-1001.NASL
  - description: From Red Hat Security Advisory 2008:1001 : Updated tog-pegasus packages that fix security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The tog-pegasus packages provide OpenPegasus Web-Based Enterprise Management (WBEM) services. WBEM is a platform and resource independent Distributed Management Task Force (DMTF) standard that defines a common information model and communication protocol for monitoring and controlling resources. Red Hat defines additional security enhancements for OpenGroup Pegasus WBEM services in addition to those defined by the upstream OpenGroup Pegasus release. For details regarding these enhancements, refer to the file
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 67770
  - published: 2013-07-12
  - reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/67770
  - title: Oracle Linux 5 : tog-pegasus (ELSA-2008-1001)
- NASL family: Red Hat Local Security Checks
  - NASL id: REDHAT-RHSA-2008-1001.NASL
  - description: Updated tog-pegasus packages that fix security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The tog-pegasus packages provide OpenPegasus Web-Based Enterprise Management (WBEM) services. WBEM is a platform and resource independent Distributed Management Task Force (DMTF) standard that defines a common information model and communication protocol for monitoring and controlling resources. Red Hat defines additional security enhancements for OpenGroup Pegasus WBEM services in addition to those defined by the upstream OpenGroup Pegasus release. For details regarding these enhancements, refer to the file
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 34956
  - published: 2008-11-25
  - reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/34956
  - title: RHEL 5 : tog-pegasus (RHSA-2008:1001)
- NASL family: Scientific Linux Local Security Checks
  - NASL id: SL_20081125_TOG_PEGASUS_ON_SL5_X.NASL
  - description: Scientific Linux defines additional security enhancements for OpenGroup Pegasus WBEM services in addition to those defined by the upstream OpenGroup Pegasus release. After re-basing to version 2.7.0 of the OpenGroup Pegasus code, these additional security enhancements were no longer being applied. As a consequence, access to OpenPegasus WBEM services was not restricted to the dedicated users. An attacker able to authenticate using a valid user account could use this flaw to send requests to WBEM services. (CVE-2008-4313) Note: default SELinux policy prevents tog-pegasus from modifying system files. This flaw
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 60499
  - published: 2012-08-01
  - reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/60499
  - title: Scientific Linux Security Update : tog-pegasus on SL5.x i386/x86_64
- NASL family: CentOS Local Security Checks
  - NASL id: CENTOS_RHSA-2008-1001.NASL
  - description: Updated tog-pegasus packages that fix security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The tog-pegasus packages provide OpenPegasus Web-Based Enterprise Management (WBEM) services. WBEM is a platform and resource independent Distributed Management Task Force (DMTF) standard that defines a common information model and communication protocol for monitoring and controlling resources. Red Hat defines additional security enhancements for OpenGroup Pegasus WBEM services in addition to those defined by the upstream OpenGroup Pegasus release. For details regarding these enhancements, refer to the file
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 43717
  - published: 2010-01-06
  - reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/43717
  - title: CentOS 5 : tog-pegasus (CESA-2008:1001)
Oval
accepted | 2013-04-29T04:19:21.914-04:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks. |
family | unix |
id | oval:org.mitre.oval:def:9431 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks. |
version | 18 |
Redhat
advisories | |
rpms | |
References
- http://osvdb.org/50278
- http://secunia.com/advisories/32862
- http://www.redhat.com/support/errata/RHSA-2008-1001.html
- http://www.securitytracker.com/id?1021281
- https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9
- https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10
- https://bugzilla.redhat.com/show_bug.cgi?id=472017
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46830
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9431