CVE-2008-4315 – tog-pegasus: failed authentication attempts not logged via PAM
https://notcve.org/view.php?id=CVE-2008-4315
tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks. tog-pegasus en OpenGroup Pegasus 2.7.0 en Red Hat Enterprise Linux (RHEL) 5, Fedora 9, y Fedora 10 no registra los intentos de autenticacion fallidos a el servidor OpenPegasus CIM, lo cual facilita a atacantes remotos evitar la detección de ataques de intento de adivinar passwords. • http://osvdb.org/50278 http://secunia.com/advisories/32862 http://www.redhat.com/support/errata/RHSA-2008-1001.html http://www.securitytracker.com/id?1021281 https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9 https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10 https://bugzilla.redhat.com/show_bug.cgi?id=472017 https://exchange.xforce.ibmcloud.com/vulnerabilities/46830 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A •
CVE-2008-4313 – tog-pegasus: WBEM services access not restricted to dedicated user after 2.7.0 rebase
https://notcve.org/view.php?id=CVE-2008-4313
A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services. Un parche de Red Hat para tog-pegasus en OpenGroup Pegasus 2.7.0 no configura adecuadamente el nombre PAM tty, lo que permite a usuarios autenticados remotamente evitar las restricciones de acceso previstas y enviar peticiones a servicios OpenPegasus WBEM. • http://osvdb.org/50277 http://secunia.com/advisories/32862 http://www.redhat.com/support/errata/RHSA-2008-1001.html http://www.securityfocus.com/bid/32460 http://www.securitytracker.com/id?1021283 https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9 https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10 https://bugzilla.redhat.com/show_bug.cgi?id=459217 https://exchange.xforce.ibmcloud.com/vulnerabilities/46829 https://oval.cisecurity.org/repository/sea • CWE-264: Permissions, Privileges, and Access Controls •