Test ID: | 1.3.6.1.4.1.25623.1.0.61926 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Security Advisory RHSA-2008:1001 |
Summary: | NOSUMMARY |
Description: | The remote host is missing updates announced in advisory RHSA-2008:1001.

The tog-pegasus packages provide OpenPegasus Web-Based Enterprise Management (WBEM) services. WBEM is a platform and resource independent Distributed Management Task Force (DMTF) standard that defines a common information model and communication protocol for monitoring and controlling resources.

Red Hat defines additional security enhancements for OpenGroup Pegasus WBEM services in addition to those defined by the upstream OpenGroup Pegasus release. For details regarding these enhancements, refer to the file README.RedHat.Security, included in the Red Hat tog-pegasus package.

After re-basing to version 2.7.0 of the OpenGroup Pegasus code, these additional security enhancements were no longer being applied. As a consequence, access to OpenPegasus WBEM services was not restricted to the dedicated users as described in README.RedHat.Security. An attacker able to authenticate using a valid user account could use this flaw to send requests to WBEM services. (CVE-2008-4313)

Note: default SELinux policy prevents tog-pegasus from modifying system files. This flaw's impact depends on whether or not tog-pegasus is confined by SELinux, and on any additional CMPI providers installed and enabled on a particular system.

Failed authentication attempts against the OpenPegasus CIM server were not logged to the system log as documented in README.RedHat.Security. An attacker could use this flaw to perform password guessing attacks against a user account without leaving traces in the system log. (CVE-2008-4315)

All tog-pegasus users are advised to upgrade to these updated packages, which contain patches to correct these issues.

Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-1001.html
http://www.redhat.com/security/updates/classification/#important

Risk factor: High

CVSS Score: 6.8 |
Cross Reference: |

Common Vulnerability Exposure (CVE) ID: CVE-2008-4313
1021283 http://www.securitytracker.com/id?1021283
32460 http://www.securityfocus.com/bid/32460
32862 http://secunia.com/advisories/32862
50277 http://osvdb.org/50277
RHSA-2008:1001 http://www.redhat.com/support/errata/RHSA-2008-1001.html
https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9
https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10
https://bugzilla.redhat.com/show_bug.cgi?id=459217
oval:org.mitre.oval:def:9556 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9556
togpegasus-wbem-security-bypass(46829) https://exchange.xforce.ibmcloud.com/vulnerabilities/46829

Common Vulnerability Exposure (CVE) ID: CVE-2008-4315
1021281 http://www.securitytracker.com/id?1021281
50278 http://osvdb.org/50278
https://bugzilla.redhat.com/show_bug.cgi?id=472017
oval:org.mitre.oval:def:9431 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9431
togpegasus-systemlog-weak-security(46830) https://exchange.xforce.ibmcloud.com/vulnerabilities/46830 |
Copyright | Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com |