Vulnerability Bulletins |
Buffer overflow in OpenPegasus CIM management server |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Root compromise |
Difficulty | Expert |
Attacker requirements | Remote access without an account to a standard service |
System information |
|
Property | Value |
Affected vendor | GNU/Linux |
Affected software |
OpenPegasus CIM management server
IBM AIX 5.2
IBM AIX 5.3
IBM AIX 6.1
HP WBEM Services <= vA.02.05.08 / HP-UX B.11.11
HP WBEM Services <= vA.02.07.01 / HP-UX B.11.11
HP WBEM Services <= vA.02.05.08 / HP-UX B.11.23
HP WBEM Services <= vA.02.07 / HP-UX B.11.23
HP WBEM Services <= vA.02.05.08 / HP-UX B.11.31
HP WBEM Services <= vA.02.07 / HP-UX B.11.31 |
Description |
|
A buffer overflow vulnerability has been found in OpenPegasus CIM management server. The vulnerability is caused by an error in the PAMBasicAuthenticator::PAMCallback function. A remote attacker could execute arbitrary code with root privileges. |
|
Solution |
|
Software update

Red Hat (RHSA-2008:0002-7)
  RHEL Desktop Workstation (v. 5 client)
  Red Hat Desktop (v. 4)
  Red Hat Enterprise Linux (v. 5 server)
  Red Hat Enterprise Linux AS (v. 4)
  Red Hat Enterprise Linux AS (v. 4.5.z)
  Red Hat Enterprise Linux Desktop (v. 5 client)
  Red Hat Enterprise Linux ES (v. 4)
  Red Hat Enterprise Linux ES (v. 4.5.z)
  Red Hat Enterprise Linux WS (v. 4)
  https://rhn.redhat.com/

IBM
  AIX 5.2
    Pegasus 2.5.1 / patch Efix_641416.080123_AIX.tar.gz
    Pegasus 2.6.1 / patch Efix_644427.080123_AIX5.2.tar.gz
  AIX 5.3
    Pegasus 2.5.1 / patch Efix_641416.080123_AIX.tar.gz
    Pegasus 2.6.1 / patch Efix_644427.080123_AIX5.3_6.1.tar.gz
  AIX 6.1
    Pegasus 2.5.1 / patch Efix_641416.080123_AIX.tar.gz
    Pegasus 2.6.1 / patch Efix_644427.080123_AIX5.3_6.1.tar.gz
  ftp://aix.software.ibm.com/aix/efixes/security/pegasus_ifix.tar

Hewlett-Packard (HPSBMA02331)
  HP WBEM Services <= vA.02.05.08 / HP-UX B.11.11 / Patch PHSS_37702
  HP WBEM Services <= vA.02.07.01 / HP-UX B.11.11 / Patch PHSS_37700
  HP WBEM Services <= vA.02.05.08 / HP-UX B.11.23 / Patch PHSS_37703
  HP WBEM Services <= vA.02.07 / HP-UX B.11.23 / Patch PHSS_37701
  HP WBEM Services <= vA.02.05.08 / HP-UX B.11.31 / Patch PHSS_37704
  HP WBEM Services <= vA.02.07 / HP-UX B.11.31 / Patch PHSS_37891
  HP WBEM Services <=A.02.00.11 / HP-UX B.11.11 / Patch PHSS_38747
  HP WBEM Services <=A.02.00.11 / HP-UX B.11.23 / Patch PHSS_38748
  http://itrc.hp.com |
|
Standard identifiers |
|
Property | Value |
CVE | CVE-2008-0003 |
BID | |
Additional resources |
|
Red Hat Security Advisory (RHSA-2008:0002-7)
  https://rhn.redhat.com/errata/RHSA-2008-0002.html
IBM Security Advisory
  http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=%2F200802%2FSECURITY%2F20080221%2Fdatafile112135&
HP SECURITY BULLETIN (HPSBMA02331)
  https://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01438409-1
HP SECURITY BULLETIN (HPSBMA02331)
  http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01438409-5 |
Version history |
||
Version | Comment | Date |
1.0 | Advisory issued | 2008-01-09 |
1.1 | Advisory issued by IBM | 2008-02-26 |
1.2 | Advisory issued by HP (HPSBMA02331) | 2008-05-08 |
1.3 | Advisory updated by HP (HPSBMA02331) | 2009-02-11 |