CVE-2008-4313 | Vulnerability Database | Aqua Security

A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services.

Affected Software

Name	Vendor	Start Version	End Version
Enterprise_linux	Redhat	5.0 (including)	5.0 (including)
Enterprise_linux_desktop	Redhat	5.0 (including)	5.0 (including)
Red Hat Enterprise Linux 5	RedHat	tog-pegasus-2:2.7.0-2.el5_2.1	*

References

http://osvdb.org/50277
http://secunia.com/advisories/32862
http://www.redhat.com/support/errata/RHSA-2008-1001.html
http://www.securityfocus.com/bid/32460
http://www.securitytracker.com/id?1021283
https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9
https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10
https://bugzilla.redhat.com/show_bug.cgi?id=459217
https://exchange.xforce.ibmcloud.com/vulnerabilities/46829
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9556
http://osvdb.org/50277
http://secunia.com/advisories/32862
http://www.redhat.com/support/errata/RHSA-2008-1001.html
http://www.securityfocus.com/bid/32460
http://www.securitytracker.com/id?1021283
https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9
https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10
https://bugzilla.redhat.com/show_bug.cgi?id=459217
https://exchange.xforce.ibmcloud.com/vulnerabilities/46829
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9556

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-4313
CWE	https://cwe.mitre.org/data/definitions/264.html