CVE - CVE-2008-0003

CVE-ID
CVE-2008-0003	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:27172 URL:http://www.securityfocus.com/bid/27172 BID:27188 URL:http://www.securityfocus.com/bid/27188 BUGTRAQ:20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus URL:http://www.securityfocus.com/archive/1/490917/100/0/threaded CONFIRM:http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4129 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=426578 FEDORA:FEDORA-2008-0506 URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00424.html FEDORA:FEDORA-2008-0572 URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00480.html HP:HPSBMA02331 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409 HP:SSRT080000 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409 MLIST:[Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus URL:http://lists.vmware.com/pipermail/security-announce/2008/000014.html OSVDB:40082 URL:~~http://osvdb.org/40082~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:10282 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10282 REDHAT:RHSA-2008:0002 URL:http://www.redhat.com/support/errata/RHSA-2008-0002.html SECTRACK:1019159 URL:http://securitytracker.com/id?1019159 SECUNIA:28338 URL:http://secunia.com/advisories/28338 SECUNIA:28462 URL:http://secunia.com/advisories/28462 SECUNIA:29056 URL:http://secunia.com/advisories/29056 SECUNIA:29785 URL:http://secunia.com/advisories/29785 SECUNIA:29986 URL:http://secunia.com/advisories/29986 VIM:20080115 vuldb confusion between OpenPegasus issues URL:http://www.attrition.org/pipermail/vim/2008-January/001879.html VUPEN:ADV-2008-0063 URL:~~http://www.vupen.com/english/advisories/2008/0063~~ (Obsolete source) VUPEN:ADV-2008-0638 URL:~~http://www.vupen.com/english/advisories/2008/0638~~ (Obsolete source) VUPEN:ADV-2008-1234 URL:~~http://www.vupen.com/english/advisories/2008/1234/references~~ (Obsolete source) VUPEN:ADV-2008-1391 URL:~~http://www.vupen.com/english/advisories/2008/1391/references~~ (Obsolete source) XF:openpegasus-pambasic-bo(39527) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/39527
Assigning CNA
Red Hat, Inc.
Date Record Created
20071203	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20071203)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)