ISS X-Force Database: openpegasus-pam-bo(39524): OpenPegasus PAM module buffer overflow

OpenPegasus PAM module buffer overflow

openpegasus-pam-bo (39524)

High Risk

Description:

OpenPegasus is vulnerable to a buffer overflow, caused by improper bounds checking by the PAM module. By sending specially-crafted data, a remote attacker from within the local network could overflow a buffer and execute arbitrary code on the system with root privileges or cause the application to crash.

Platforms Affected:

HP, HP-UX 11.11
HP, HP-UX 11.23
HP, HP-UX 11.31
Open Group, OpenPegasus 2.7
VMware, ESX Server 2.5
VMware, ESX Server 2.5.1
VMware, ESX Server 2.5.2
VMware, ESX Server 2.5.3
VMware, ESX Server 2.5.4
VMware, ESX Server 2.5.5
VMware, ESX Server 3.0.1
VMware, ESX Server 3.0.2

Remedy:

Refer to VMSA-2008-0001 for patch, upgrade, or suggested workaround information, available from the VMware Security-announce Mailing List, Mon Jan 7 17:46:23 PST 2008. See References.

For other distributions:
Apply the appropriate update for your system. See References.

Consequences:

Gain Access

References:

HPSBMA02331 SSRT080000 rev.1, HP-UX running WBEM Services, Remote Execution of Arbitrary Code, Gain Extended Privileges at http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409.
OpenPegasus Web site, OpenPegasus at http://www.openpegasus.org/.
Security-announce Mailing List, Mon Jan 7 17:46:23 PST 2008 , VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages at http://lists.vmware.com/pipermail/security-announce/2008/000002.html.
VMware Security-Announce Mailing List, Tue Jan 22 16:42:45 PST 2008, UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages at http://lists.vmware.com/pipermail/security-announce/2008/000004.html.
CVE-2007-5360: Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than CVE-2008-0003.
SA28358: OpenPegasus PAM Module Buffer Overflow Vulnerabilities
SA28368: VMware ESX Server Multiple Security Updates
SA29986: HP-UX WBEM Services OpenPegasus PAM Module Buffer Overflows
SUSE-SR:2008:002: SUSE Security Summary Report
VUPEN/ADV-2008-0063: OpenPegasus PAM Authentication Multiple Buffer Overflow Vulnerabilities
VUPEN/ADV-2008-0064: VMware ESX Server Code Execution and Security Bypass Vulnerabilities
VUPEN/ADV-2008-1391: HP-UX WBEM Services OpenPegasus Buffer Overflow Vulnerabilities

Reported:

Jan 07, 2008

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page