Technical Description

Multiple vulnerabilities have been identified in OpenPegasus, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system.

The first issue is caused by a buffer overflow error in the "Cimservera::PAMCallback()" [cimservera.cpp] function when processing an overly long password, which could be exploited by remote unauthenticated attackers to crash an affected application or execute arbitrary code.

The second vulnerability is caused by a buffer overflow error in the PAM authentication module when handling malformed data, which could be exploited by remote attackers to crash an affected application or execute arbitrary code.

Affected Products

OpenPegasus versions 2.x

Solution

Fixes are available via CVS :
http://cvs.opengroup.org/cgi-bin/cvsweb.cgi/?cvsroot=Pegasus

References

http://www.vupen.com/english/advisories/2008/0063
https://bugzilla.redhat.com/show_bug.cgi?id=426578
https://bugzilla.redhat.com/show_bug.cgi?id=426568

Credits

Vulnerabilities reported by Mark J. Cox and Alexander Sotirov (VMware Security Research).

ChangeLog

2008-01-08 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.