CVE-2007-5360Improper Restriction of Operations within the Bounds of a Memory Buffer in Vmware ESX

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-121Stack-based Buffer Overflow7 documents5 sources
Severity
7.5HIGHNVD
EPSS
10.5%
top 6.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Vmware ESX
Timeline
PublishedJan 8
Latest updateMay 1

Description

Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than CVE-2008-0003.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDvmware/esx3.0.1, 3.0.2+1

Patches

Patch: secunia.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-79mv-qv9r-5fvw: Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Ser2022-05-01
CVEList
CVE-2007-5360: Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Ser2008-01-08

📋Vendor Advisories

3
Red Hat
tog-pegasus pam authentication buffer overflow2008-01-08
Red Hat
tog-pegasus pam authentication buffer overflow2008-01-07
Red Hat
CVE-2008-0495: Unspecified vulnerability in the Pegasus CIM Server in IBM Hardware Management Console (HMC) 7 R3

💬Community

1
Bugzilla
CVE-2007-5360 tog-pegasus pam authentication buffer overflow2007-12-22
CVE-2007-5360 — Vmware ESX vulnerability | cvebase