__________________________________________________________

             The U.S. Department of Energy
         Computer Incident Advisory Capability
                       ___  __ __    _     ___
                      /       |     /_\   /
                      \___  __|__  /   \  \___
__________________________________________________________

                       INFORMATION BULLETIN

                    Tog-Pegasus Security Update
                   [Red Hat RHSA-2008:0002-7]

January 11, 2008 19:00 GMT                                    Number S-113
______________________________________________________________________________
PROBLEM:       There is a stack buffer overflow in the PAM authentication
               code in the OpenPegasus CIM management server.
PLATFORM:      RHEL Desktop Workstation (v. 5 client)
               Red Hat Desktop (v. 4)
               Red Hat Enterprise Linux (v. 5 server)
               Red Hat Enterprise Linux AS, ES (v. 4, v. 4.5.z)
               Red Hat Enterprise Linux Desktop (v. 5 client)
               Red Hat Enterprise Linux WS (v. 4)
DAMAGE:        An unauthenticated remote user could potentially execute
               arbitrary code with root privileges.
SOLUTION:      Upgrade to the appropriate version.
______________________________________________________________________________
VULNERABILITY  The risk is LOW. An unauthenticated remote user could
ASSESSMENT:    potentially execute arbitrary code with root privileges. The
               Tog-Pegasus packages are not installed by default on Red Hat
               Enterprise Linux.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/s-113.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2008-0002.html
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0003
______________________________________________________________________________

[***** Start Red Hat RHSA-2008:0002-7 *****]

Critical: tog-pegasus security update

Advisory:             RHSA-2008:0002-7
Type:                 Security Advisory
Severity:             Critical
Issued on:            2008-01-07
Last updated on:      2008-01-07
Affected Products:    RHEL Desktop Workstation (v. 5 client)
                      Red Hat Desktop (v. 4)
                      Red Hat Enterprise Linux (v. 5 server)
                      Red Hat Enterprise Linux AS (v. 4)
                      Red Hat Enterprise Linux AS (v. 4.5.z)
                      Red Hat Enterprise Linux Desktop (v. 5 client)
                      Red Hat Enterprise Linux ES (v. 4)
                      Red Hat Enterprise Linux ES (v. 4.5.z)
                      Red Hat Enterprise Linux WS (v. 4)
OVAL:                 com.redhat.rhsa-20080002.xml
CVEs (cve.mitre.org): CVE-2008-0003

Details

Updated tog-pegasus packages that fix a security issue are now available for
Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red Hat
Security Response Team.

The tog-pegasus packages provide OpenPegasus Web-Based Enterprise Management
(WBEM) services. WBEM is a platform- and resource-independent DMTF standard
that defines a common information model and communication protocol for
monitoring and controlling resources.

During a security audit, a stack buffer overflow flaw was found in the PAM
authentication code in the OpenPegasus CIM management server. An
unauthenticated remote user could trigger this flaw and potentially execute
arbitrary code with root privileges. (CVE-2008-0003)

Note that the tog-pegasus packages are not installed by default on Red Hat
Enterprise Linux. The Red Hat Security Response Team believes that it would be
hard to remotely exploit this issue to execute arbitrary code, due to the
default SELinux targeted policy on Red Hat Enterprise Linux 4 and 5, and the
SELinux memory protection tests enabled by default on Red Hat Enterprise
Linux 5.

Users of tog-pegasus should upgrade to these updated packages, which contain a
backported patch to resolve this issue. After installing the updated packages
the tog-pegasus service should be restarted.

Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

The updated packages for each affected product are available from the Red Hat
Network.

Bugs fixed (see bugzilla for more information)

426578 - CVE-2008-0003 tog-pegasus pam authentication buffer overflow

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0003
http://www.redhat.com/security/updates/classification/#critical

--------------------------------------------------------------------------------
These packages are GPG signed by Red Hat for security. Our key and details on
how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at
http://www.redhat.com/security/team/contact/

[***** End Red Hat RHSA-2008:0002-7 *****]
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the information
contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S.
Department of Energy (DOE) and the emergency backup response team for the
National Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding member of
FIRST, the Forum of Incident Response and Security Teams, a global organization
established to foster cooperation and coordination among computer security
teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH.

CIAC can be contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are available
from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these communities,
please contact your agency's response team to report incidents. Your agency's
team will coordinate with CIAC. The Forum of Incident Response and Security
Teams (FIRST) is a world-wide organization. A list of FIRST member
organizations and their constituencies can be obtained via WWW at
http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of the
United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, apparatus, product,
or process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process, or
service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favoring by
the United States Government or the University of California. The views and
opinions of authors expressed herein do not necessarily state or reflect those
of the United States Government or the University of California, and shall not
be used for advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

S-103: Wireshark Vulnerabilities
S-104: libsndfile Vulnerability
S-105: Vulnerabilities in Windows TCP/IP
S-106: Vulnerability in LSASS
S-107: HP Software Update Running on Windows
S-108: PostgreSQL Security Update
S-109: Apple QuickTime RTSP Response Vulnerability
S-110: OpenAFS Vulnerability
S-111: HP OpenView Operations (OVO) Agents Running Shared Trace Service Vulnerability
S-112: SSH Tectia Client and Server Vulnerability
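The Details section above describes the flaw only as a stack buffer overflow in PAM authentication code. The following C example is added here for illustration and is not OpenPegasus code or the actual CVE-2008-0003 defect (the advisory gives no source-level details): it shows the general bug class, a caller-supplied credential copied unbounded into a fixed stack buffer, next to a hardened version that checks the length and rejects oversized input. The function names and the 64-byte buffer size are assumptions for the illustration.

```c
/* Added illustration of the bug class named in the advisory, not the
 * OpenPegasus code. Names and CRED_MAX are assumed for the example. */
#include <stdio.h>
#include <string.h>

#define CRED_MAX 64   /* assumed fixed size of the on-stack credential buffer */

/* Vulnerable pattern: an unbounded strcpy() of attacker-controlled data
 * into a fixed-size stack buffer. Any input of CRED_MAX bytes or more
 * overruns buf and corrupts the stack frame. Kept only for comparison;
 * it must never be handed untrusted input. */
int check_credential_unbounded(const char *supplied, const char *expected)
{
    char buf[CRED_MAX];
    strcpy(buf, supplied);              /* no length check: overflow here */
    return strcmp(buf, expected) == 0;
}

/* Hardened pattern: measure first, refuse (do not silently truncate)
 * anything that cannot fit including its NUL, then copy exactly n+1 bytes.
 * Returns 1 on match, 0 on mismatch, -1 when the input is rejected. */
int check_credential_bounded(const char *supplied, const char *expected)
{
    char buf[CRED_MAX];
    size_t n = strlen(supplied);
    if (n >= CRED_MAX)
        return -1;                      /* too long for buf: reject */
    memcpy(buf, supplied, n + 1);       /* n + 1 <= CRED_MAX by the check */
    int ok = strcmp(buf, expected) == 0;
    memset(buf, 0, sizeof buf);         /* clear the credential from the stack */
    return ok;
}

int main(void)
{
    char longcred[CRED_MAX + 16];       /* constructed oversized input */
    memset(longcred, 'A', sizeof longcred - 1);
    longcred[sizeof longcred - 1] = '\0';
    printf("short, match:    %d\n", check_credential_bounded("s3cret", "s3cret"));
    printf("short, mismatch: %d\n", check_credential_bounded("wrong", "s3cret"));
    printf("too long:        %d\n", check_credential_bounded(longcred, "s3cret"));
    return 0;
}
```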