VMware reported a buffer overflow vulnerability in the PAM authentication code in the OpenPegasus CIM management server. This vulnerability can be exploited remotely and results in arbitrary code execution with the privileges of the cimserver process. Details in next comment. Due to the nature of the bug, and the Red Hat changes to tog-pegasus package, it's quite likely it has a much reduced impact; this will have to be investigated. Current embargo is Dec 27th. I've asked for an extension to Jan 3rd at the earliest.
There were some changes made to the authentication code for the Red Hat version; these need to be checked. The sprintf is unfortunately not caught by fortify_source (because it's C++). We do ship with a SELinux policy by default (it was a requirement of shipping this package).
Not vulnerable. The RHEL4 and RHEL5 builds of tog-pegasus do not build with PEGASUS_USE_PAM_STANDALONE_PROC and therefore do not compile the vulnerable function.
Public now: http://marc.info/?l=full-disclosure&m=119975801904357&w=4
Whilst this issue does not affect Red Hat Enterprise Linux tog-pegasus packages, we found a similar issue that does. Please see https://bugzilla.redhat.com/show_bug.cgi?id=426578