[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96078

 
 

909

 
 

78009

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2007-5360

Date: (C)2008-01-08   (M)2017-08-01
 
CVSS Score: 7.5Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL











Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than CVE-2008-0003.

Reference:
http://www.securityfocus.com/archive/1/archive/1/485936/100/0/threaded
http://www.attrition.org/pipermail/vim/2008-January/001879.html
http://www.securityfocus.com/archive/1/archive/1/486859/100/0/threaded
SECUNIA-28358
SECUNIA-28368
SECUNIA-28636
SECUNIA-29986
SREASON-3538
ADV-2008-0063
ADV-2008-0064
ADV-2008-1391
HPSBMA02331
SUSE-SR:2008:002
http://lists.vmware.com/pipermail/security-announce/2008/000002.html
http://www.vmware.com/security/advisories/VMSA-2008-0001.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5360
openpegasus-pam-bo(39524)

CPE    2
cpe:/a:vmware:esx_server:3.0.2
cpe:/a:vmware:esx_server:3.0.1
CWE    1
CWE-119

© 2013 SecPod Technologies