certfr_avis - CERTA-2008-AVI-102

CERTA-2008-AVI-102

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été découvertes dans IBM AIX et permettent à un individu malveillant de provoquer un déni de service ou d'exécuter du code arbitraire à distance.

Description

Pegasus CIM Server for Directory d'IBM AIX est un outil de gestion d'objet fournissant des modèles communs d'information. Plusieurs vulnérabilités ont été découvertes dans ce produit et permettent via un dépassement de mémoire tampon de provoquer un déni de service à distance ou une exécution de code arbitraire.

Solution

Se référer au bulletin de sécurité IBM pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	AIX	IBM AIX 6.1.
IBM	AIX	IBM AIX 5.2 ;
IBM	AIX	IBM AIX 5.3 ;

References

Title

Publication Time

Tags

Bulletin de sécurité IBM AIX du 21 février 2008	None	vendor-advisory
Bulletin de sécurité IBM du 21 février 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM AIX 6.1.",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM AIX 5.2 ;",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM AIX 5.3 ;",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPegasus CIM Server for Directory d\u0027IBM AIX est un outil de gestion\nd\u0027objet fournissant des mod\u00e8les communs d\u0027information. Plusieurs\nvuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans ce produit et permettent via un\nd\u00e9passement de m\u00e9moire tampon de provoquer un d\u00e9ni de service \u00e0 distance\nou une ex\u00e9cution de code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 IBM pour l\u0027obtention des correctifs\n(cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0495"
    },
    {
      "name": "CVE-2008-0003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0003"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 21 f\u00e9vrier 2008 :",
      "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7\u0026heading=AIX61\u0026path=%2F200802%2FSECURITY%2F20080221%2Fdatafile112135\u0026label=IBM+Pegasus+CIM+Server+for+Directory+on+AIX+vulnerabilities"
    }
  ],
  "reference": "CERTA-2008-AVI-102",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-02-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM AIX et permettent\n\u00e0 un individu malveillant de provoquer un d\u00e9ni de service ou d\u0027ex\u00e9cuter\ndu code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM AIX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM AIX du 21 f\u00e9vrier 2008",
      "url": null
    }
  ]
}

CVE-2008-0003 (GCVE-0-2008-0003)

Vulnerability from cvelistv5 – Published: 2008-01-08 20:00 – Updated: 2024-08-07 07:32

Summary

Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://osvdb.org/40082	vdb-entryx_refsource_OSVDB
	http://secunia.com/advisories/28462	third-party-advisoryx_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://secunia.com/advisories/29986	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/29056	third-party-advisoryx_refsource_SECUNIA
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://www.securityfocus.com/archive/1/490917/100…	mailing-listx_refsource_BUGTRAQ
	http://www.attrition.org/pipermail/vim/2008-Janua…	mailing-listx_refsource_VIM
	http://www.vupen.com/english/advisories/2008/0063	vdb-entryx_refsource_VUPEN
	http://www14.software.ibm.com/webapp/set2/subscri…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/27188	vdb-entryx_refsource_BID
	http://secunia.com/advisories/29785	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/1234…	vdb-entryx_refsource_VUPEN
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://www.vupen.com/english/advisories/2008/1391…	vdb-entryx_refsource_VUPEN
	http://www.redhat.com/support/errata/RHSA-2008-00…	vendor-advisoryx_refsource_REDHAT
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.vupen.com/english/advisories/2008/0638	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/27172	vdb-entryx_refsource_BID
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://securitytracker.com/id?1019159	vdb-entryx_refsource_SECTRACK
	http://lists.vmware.com/pipermail/security-announ…	mailing-listx_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=426578	x_refsource_CONFIRM
	http://secunia.com/advisories/28338	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:32:23.252Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openpegasus-pambasic-bo(39527)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39527"
          },
          {
            "name": "40082",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/40082"
          },
          {
            "name": "28462",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28462"
          },
          {
            "name": "FEDORA-2008-0506",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00424.html"
          },
          {
            "name": "29986",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29986"
          },
          {
            "name": "29056",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29056"
          },
          {
            "name": "HPSBMA02331",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409"
          },
          {
            "name": "20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/490917/100/0/threaded"
          },
          {
            "name": "20080115 vuldb confusion between OpenPegasus issues",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://www.attrition.org/pipermail/vim/2008-January/001879.html"
          },
          {
            "name": "ADV-2008-0063",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0063"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4129"
          },
          {
            "name": "27188",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27188"
          },
          {
            "name": "29785",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29785"
          },
          {
            "name": "ADV-2008-1234",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1234/references"
          },
          {
            "name": "FEDORA-2008-0572",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00480.html"
          },
          {
            "name": "ADV-2008-1391",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1391/references"
          },
          {
            "name": "RHSA-2008:0002",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0002.html"
          },
          {
            "name": "oval:org.mitre.oval:def:10282",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10282"
          },
          {
            "name": "ADV-2008-0638",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0638"
          },
          {
            "name": "27172",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27172"
          },
          {
            "name": "SSRT080000",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409"
          },
          {
            "name": "1019159",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1019159"
          },
          {
            "name": "[Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000014.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=426578"
          },
          {
            "name": "28338",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28338"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "openpegasus-pambasic-bo(39527)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39527"
        },
        {
          "name": "40082",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/40082"
        },
        {
          "name": "28462",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28462"
        },
        {
          "name": "FEDORA-2008-0506",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00424.html"
        },
        {
          "name": "29986",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29986"
        },
        {
          "name": "29056",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29056"
        },
        {
          "name": "HPSBMA02331",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409"
        },
        {
          "name": "20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/490917/100/0/threaded"
        },
        {
          "name": "20080115 vuldb confusion between OpenPegasus issues",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://www.attrition.org/pipermail/vim/2008-January/001879.html"
        },
        {
          "name": "ADV-2008-0063",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0063"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4129"
        },
        {
          "name": "27188",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27188"
        },
        {
          "name": "29785",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29785"
        },
        {
          "name": "ADV-2008-1234",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1234/references"
        },
        {
          "name": "FEDORA-2008-0572",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00480.html"
        },
        {
          "name": "ADV-2008-1391",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1391/references"
        },
        {
          "name": "RHSA-2008:0002",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0002.html"
        },
        {
          "name": "oval:org.mitre.oval:def:10282",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10282"
        },
        {
          "name": "ADV-2008-0638",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0638"
        },
        {
          "name": "27172",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27172"
        },
        {
          "name": "SSRT080000",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409"
        },
        {
          "name": "1019159",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1019159"
        },
        {
          "name": "[Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2008/000014.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=426578"
        },
        {
          "name": "28338",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28338"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2008-0003",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openpegasus-pambasic-bo(39527)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39527"
            },
            {
              "name": "40082",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/40082"
            },
            {
              "name": "28462",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28462"
            },
            {
              "name": "FEDORA-2008-0506",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00424.html"
            },
            {
              "name": "29986",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29986"
            },
            {
              "name": "29056",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29056"
            },
            {
              "name": "HPSBMA02331",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409"
            },
            {
              "name": "20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/490917/100/0/threaded"
            },
            {
              "name": "20080115 vuldb confusion between OpenPegasus issues",
              "refsource": "VIM",
              "url": "http://www.attrition.org/pipermail/vim/2008-January/001879.html"
            },
            {
              "name": "ADV-2008-0063",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0063"
            },
            {
              "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4129",
              "refsource": "CONFIRM",
              "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4129"
            },
            {
              "name": "27188",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27188"
            },
            {
              "name": "29785",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29785"
            },
            {
              "name": "ADV-2008-1234",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1234/references"
            },
            {
              "name": "FEDORA-2008-0572",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00480.html"
            },
            {
              "name": "ADV-2008-1391",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1391/references"
            },
            {
              "name": "RHSA-2008:0002",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0002.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10282",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10282"
            },
            {
              "name": "ADV-2008-0638",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0638"
            },
            {
              "name": "27172",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27172"
            },
            {
              "name": "SSRT080000",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409"
            },
            {
              "name": "1019159",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1019159"
            },
            {
              "name": "[Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus",
              "refsource": "MLIST",
              "url": "http://lists.vmware.com/pipermail/security-announce/2008/000014.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=426578",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=426578"
            },
            {
              "name": "28338",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28338"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-0003",
    "datePublished": "2008-01-08T20:00:00",
    "dateReserved": "2007-12-03T00:00:00",
    "dateUpdated": "2024-08-07T07:32:23.252Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-0495 (GCVE-0-2008-0495)

Vulnerability from cvelistv5 – Published: 2008-01-30 21:00 – Updated: 2024-08-07 07:46

Summary

Unspecified vulnerability in the Pegasus CIM Server in IBM Hardware Management Console (HMC) 7 R3.2.0 allows remote attackers to cause a denial of service via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://www14.software.ibm.com/webapp/set2/sas/f/…	x_refsource_CONFIRM
	http://secunia.com/advisories/29056	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/28667	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www14.software.ibm.com/webapp/set2/subscri…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2008/0323	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/27484	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id?1019280	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2008/0638	vdb-entryx_refsource_VUPEN
	http://www-1.ibm.com/support/docview.wss?uid=isg1…	vendor-advisoryx_refsource_AIXAPAR

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:54.998Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www14.software.ibm.com/webapp/set2/sas/f/hmc/power6/install/v7.Readme.html"
          },
          {
            "name": "29056",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29056"
          },
          {
            "name": "28667",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28667"
          },
          {
            "name": "hmc-pegasus-cim-dos(40021)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40021"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4129"
          },
          {
            "name": "ADV-2008-0323",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0323"
          },
          {
            "name": "27484",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27484"
          },
          {
            "name": "1019280",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019280"
          },
          {
            "name": "ADV-2008-0638",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0638"
          },
          {
            "name": "MB02236",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1MB02236"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Pegasus CIM Server in IBM Hardware Management Console (HMC) 7 R3.2.0 allows remote attackers to cause a denial of service via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www14.software.ibm.com/webapp/set2/sas/f/hmc/power6/install/v7.Readme.html"
        },
        {
          "name": "29056",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29056"
        },
        {
          "name": "28667",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28667"
        },
        {
          "name": "hmc-pegasus-cim-dos(40021)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40021"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4129"
        },
        {
          "name": "ADV-2008-0323",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0323"
        },
        {
          "name": "27484",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27484"
        },
        {
          "name": "1019280",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019280"
        },
        {
          "name": "ADV-2008-0638",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0638"
        },
        {
          "name": "MB02236",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1MB02236"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0495",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Pegasus CIM Server in IBM Hardware Management Console (HMC) 7 R3.2.0 allows remote attackers to cause a denial of service via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www14.software.ibm.com/webapp/set2/sas/f/hmc/power6/install/v7.Readme.html",
              "refsource": "CONFIRM",
              "url": "https://www14.software.ibm.com/webapp/set2/sas/f/hmc/power6/install/v7.Readme.html"
            },
            {
              "name": "29056",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29056"
            },
            {
              "name": "28667",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28667"
            },
            {
              "name": "hmc-pegasus-cim-dos(40021)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40021"
            },
            {
              "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4129",
              "refsource": "CONFIRM",
              "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4129"
            },
            {
              "name": "ADV-2008-0323",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0323"
            },
            {
              "name": "27484",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27484"
            },
            {
              "name": "1019280",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019280"
            },
            {
              "name": "ADV-2008-0638",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0638"
            },
            {
              "name": "MB02236",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1MB02236"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0495",
    "datePublished": "2008-01-30T21:00:00",
    "dateReserved": "2008-01-30T00:00:00",
    "dateUpdated": "2024-08-07T07:46:54.998Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTA-2008-AVI-102

Description

Solution

CVE-2008-0003 (GCVE-0-2008-0003)

CVE-2008-0495 (GCVE-0-2008-0495)

Tags

Sightings

Nomenclature