tog-pegasus is vulnerable to an access control bypass. After re-basing to version 2.7.0 of the OpenGroup Pegasus code, Red Hat's additional security enhancements were no longer being applied. As a consequence, access to OpenPegasus WBEM services was not restricted to the dedicated users as described in README.RedHat.Security. An attacker able to authenticate using a valid user account could use this flaw to send requests to WBEM services.
osvdb.org/50277
secunia.com/advisories/32862
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2008-1001.html
www.securityfocus.com/bid/32460
www.securitytracker.com/id?1021283
access.redhat.com/errata/RHSA-2008:1001
admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9
admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10
bugzilla.redhat.com/show_bug.cgi?id=459217
exchange.xforce.ibmcloud.com/vulnerabilities/46829
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9556