Vulnerability Report

CVE-2008-0003

RCE

Title: Openpegasus Management Server RCE

RCE

Proof Of Concept

No public PoC currently indexed for CVE-2008-0003.

CWE Category CWE-119

Published Date Jan 08, 2008

Modified Date Apr 09, 2025

Exploit Status Not Found

Score 10.0 CVSS v2.0

Exploit Probability (EPSS)

29.51%

Vulnerability Summary

CVE-2008-0003: Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360.

Impacted Vendors

openpegasus 1

Reference Links

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409 http://lists.vmware.com/pipermail/security-announce/2008/000014.html http://osvdb.org/40082 http://secunia.com/advisories/28338 http://secunia.com/advisories/28462 http://secunia.com/advisories/29056 http://secunia.com/advisories/29785 http://secunia.com/advisories/29986 http://securitytracker.com/id?1019159 http://www.attrition.org/pipermail/vim/2008-January/001879.html http://www.redhat.com/support/errata/RHSA-2008-0002.html http://www.securityfocus.com/archive/1/490917/100/0/threaded http://www.securityfocus.com/bid/27172 http://www.securityfocus.com/bid/27188 http://www.vupen.com/english/advisories/2008/0063 http://www.vupen.com/english/advisories/2008/0638 http://www.vupen.com/english/advisories/2008/1234/references http://www.vupen.com/english/advisories/2008/1391/references http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4129 https://bugzilla.redhat.com/show_bug.cgi?id=426578 https://exchange.xforce.ibmcloud.com/vulnerabilities/39527 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10282 https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00424.html https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00480.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409 http://lists.vmware.com/pipermail/security-announce/2008/000014.html http://osvdb.org/40082 http://secunia.com/advisories/28338 http://secunia.com/advisories/28462 http://secunia.com/advisories/29056 http://secunia.com/advisories/29785 http://secunia.com/advisories/29986 http://securitytracker.com/id?1019159 http://www.attrition.org/pipermail/vim/2008-January/001879.html http://www.redhat.com/support/errata/RHSA-2008-0002.html http://www.securityfocus.com/archive/1/490917/100/0/threaded http://www.securityfocus.com/bid/27172 http://www.securityfocus.com/bid/27188 http://www.vupen.com/english/advisories/2008/0063 http://www.vupen.com/english/advisories/2008/0638 http://www.vupen.com/english/advisories/2008/1234/references http://www.vupen.com/english/advisories/2008/1391/references http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4129 https://bugzilla.redhat.com/show_bug.cgi?id=426578 https://exchange.xforce.ibmcloud.com/vulnerabilities/39527 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10282 https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00424.html https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00480.html

CVSS v2.0

Source Entity [email protected]

Severity HIGH

10.0

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:L/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2008-0003 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

April 09, 2025 MODIFIED

Vulnerability data or affected products updated.

January 08, 2008 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected Stack

No specific products linked.