This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
Scientific Linux defines additional security enhancements for
OpenGroup Pegasus WBEM services in addition to those defined by the
upstream OpenGroup Pegasus release.
After re-basing to version 2.7.0 of the OpenGroup Pegasus code, these
additional security enhancements were no longer being applied. As a
consequence, access to OpenPegasus WBEM services was not restricted to
the dedicated users. An attacker able to authenticate using a valid
user account could use this flaw to send requests to WBEM services.
Note: default SELinux policy prevents tog-pegasus from modifying
system files. This flaw's impact depends on whether or not tog-pegasus
is confined by SELinux, and on any additional CMPI providers installed
and enabled on a particular system.
Failed authentication attempts against the OpenPegasus CIM server were
not logged to the system log. An attacker could use this flaw to
perform password guessing attacks against a user account without
leaving traces in the system log. (CVE-2008-4315)
See also :
Update the affected tog-pegasus and / or tog-pegasus-devel packages.
Risk factor :
Medium / CVSS Base Score : 6.8