Secunia
Release Date: 2008-01-08 Views: 11,821
Where:
From local network
Impact:
DoS, System access
Solution Status:
Partial Fix
CVE Reference(s):
Some vulnerabilities have been reported in OpenPegasus, which can potentially be exploited by malicious people to compromise a vulnerable system.
1) A boundary error exists within the "PAMBasicAuthenticator::PAMCallback()" method and can be exploited to cause a buffer overflow via an overly long password.
Successful exploitation may allow execution of arbitrary code.
2) A boundary error within the PAM module can be exploited to cause a buffer overflow and potentially allows execution of arbitrary code.
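A bounded PAM conversation callback of the kind item 1 concerns, as an added example: it is not OpenPegasus code and not the fix committed to CVS. The PAM types are stand-ins declared locally so the block builds without the PAM headers; `conv_data`, `bounded_len`, `bounded_conv` and the 512-byte limit are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-ins for the <security/pam_appl.h> types and Linux-PAM constant
 * values, declared here so the example compiles without libpam headers. */
enum { PAM_SUCCESS = 0, PAM_BUF_ERR = 5, PAM_CONV_ERR = 19 };
enum { PAM_PROMPT_ECHO_OFF = 1, PAM_PROMPT_ECHO_ON = 2 };
struct pam_message  { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };

#define MAX_PASSWORD_LEN 512   /* assumed policy limit, not from the advisory */
struct conv_data { const char *user; const char *password; }; /* hypothetical */

/* Length of s, or max + 1 if no terminator is found within max bytes. */
static size_t bounded_len(const char *s, size_t max) {
    size_t n = 0;
    while (n <= max && s[n] != '\0') n++;
    return n;
}

/* Answers each prompt with a heap copy sized from the measured input.
 * Overlong values are rejected; nothing is copied into a fixed-size array. */
int bounded_conv(int num_msg, const struct pam_message **msg,
                 struct pam_response **resp, void *appdata)
{
    const struct conv_data *cd = appdata;
    if (num_msg <= 0 || !msg || !resp || !cd) return PAM_CONV_ERR;
    struct pam_response *r = calloc((size_t)num_msg, sizeof *r);
    if (!r) return PAM_BUF_ERR;

    for (int i = 0; i < num_msg; i++) {
        const char *src = NULL;
        if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) src = cd->password;
        else if (msg[i]->msg_style == PAM_PROMPT_ECHO_ON) src = cd->user;
        if (!src) continue;               /* info/error text needs no reply */

        size_t len = bounded_len(src, MAX_PASSWORD_LEN);
        int rc = PAM_SUCCESS;
        if (len > MAX_PASSWORD_LEN) rc = PAM_CONV_ERR;
        else if (!(r[i].resp = malloc(len + 1))) rc = PAM_BUF_ERR;
        if (rc != PAM_SUCCESS) {          /* undo partial work, fail closed */
            for (int j = 0; j < i; j++) free(r[j].resp);
            free(r);
            return rc;
        }
        memcpy(r[i].resp, src, len + 1);  /* len + 1 includes the terminator */
    }
    *resp = r;
    return PAM_SUCCESS;
}
```

Rejecting an overlong password instead of truncating it keeps the authentication result tied to exactly what the client sent.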
Solution:
Vulnerability #1 is fixed in the CVS repository.
Provided and/or discovered by:
1) Mark J. Cox, via a Red Hat bug report.
2) Alexander Sotirov from VMware Security Research, reported via a VMware advisory.
Original Advisory:
Red Hat:
https://bugzilla.redhat.com/show_bug.cgi?id=426578
VMware:
http://lists.vmware.com/pipermail/security-announce/2008/000002.html
Subject: OpenPegasus PAM Module Buffer Overflow Vulnerabilities