[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-5360Date: (C)2008-01-08   (M)2023-12-22


Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than CVE-2008-0003.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://www.securityfocus.com/archive/1/485936/100/0/threaded
http://www.attrition.org/pipermail/vim/2008-January/001879.html
http://www.securityfocus.com/archive/1/486859/100/0/threaded
SECUNIA-28358
SECUNIA-28368
SECUNIA-28636
SECUNIA-29986
SREASON-3538
ADV-2008-0063
ADV-2008-0064
ADV-2008-1391
HPSBMA02331
SUSE-SR:2008:002
http://lists.vmware.com/pipermail/security-announce/2008/000002.html
http://www.vmware.com/security/advisories/VMSA-2008-0001.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5360
openpegasus-pam-bo(39524)

CPE    2
cpe:/o:vmware:esx:3.0.2
cpe:/o:vmware:esx:3.0.1
CWE    1
CWE-119

© SecPod Technologies