|
|
Subscribe / Log in / New account

tog-pegasus: authentication issues

Package(s):tog-pegasus CVE #(s):CVE-2008-4313 CVE-2008-4315
Created:November 25, 2008 Updated:November 27, 2008
Description: From the Red Hat advisory:

After re-basing to version 2.7.0 of the OpenGroup Pegasus code, these additional security enhancements were no longer being applied. As a consequence, access to OpenPegasus WBEM services was not restricted to the dedicated users as described in README.RedHat.Security. An attacker able to authenticate using a valid user account could use this flaw to send requests to WBEM services.

Failed authentication attempts against the OpenPegasus CIM server were not logged to the system log as documented in README.RedHat.Security. An attacker could use this flaw to perform password guessing attacks against a user account without leaving traces in the system log.

Alerts:
CentOS CESA-2008:1001 tog-pegasus 2008-11-26
Red Hat RHSA-2008:1001-01 tog-pegasus 2008-11-25
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds