Vulnerability Bulletins |
Desbordamiento de búfer en OpenPegasus |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software |
OpenPegasus Management Server <= 2.7 HP WBEM Services <= vA.02.05.08 / HP-UX B.11.11 HP WBEM Services <= vA.02.07.01 / HP-UX B.11.11 HP WBEM Services <= vA.02.05.08 / HP-UX B.11.23 HP WBEM Services <= vA.02.07 / HP-UX B.11.23 HP WBEM Services <= vA.02.05.08 / HP-UX B.11.31 HP WBEM Services <= vA.02.07 / HP-UX B.11.31 |
Description |
|
|
Se ha descubierto una vulnerabilidad de tipo desbordamiento de búfer en OpenPegasus Management Server. La vulnerabilidad reside en un error en la comprobación de los límites cuando OpenPegasus se ha compilado con el parámetro PEGASUS_USE_PAM_STANDALONE_PROC definido para utilizar PAM, tal como lo hace VMWare ESX Server 3.0.1 y 3.0.2. Un atacante remoto podría ejecutar código arbitrario mediante métodos relacionados con la autenticación PAM. |
|
Solution |
|
|
Actualización de software Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux. Hewlett-Packard (HPSBMA02331) HP WBEM Services <= vA.02.05.08 / HP-UX B.11.11 / Patch PHSS_37702 HP WBEM Services <= vA.02.07.01 / HP-UX B.11.11 / Patch PHSS_37700 HP WBEM Services <= vA.02.05.08 / HP-UX B.11.23 / Patch PHSS_37703 HP WBEM Services <= vA.02.07 / HP-UX B.11.23 / Patch PHSS_37701 HP WBEM Services <= vA.02.05.08 / HP-UX B.11.31 / Patch PHSS_37704 HP WBEM Services <= vA.02.07 / HP-UX B.11.31 / Patch PHSS_37891 HP WBEM Services <=A.02.00.11/ HP-UX B.11.11 / Patch PHSS_38747 HP WBEM Services <=A.02.00.11 / HP-UX B.11.23 / Patch PHSS_38748 http://itrc.hp.com |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2007-5360 |
| BID | |
Other resources |
|
|
SUSE Security Advisory (SUSE-SR:2008:002) http://www.novell.com/linux/security/advisories/suse_security_summary_report.html HP SECURITY BULLETIN (HPSBMA02331) https://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01438409-1 HP SECURITY BULLETIN (HPSBMA02331) http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01438409-5 |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2008-01-30 |
| 1.1 | Aviso emitido por HP (HPSBMA02331) | 2008-05-08 |
| 1.2 | Aviso actualizado por HP (HPSBMA02331) | 2009-02-11 |