tog-pegasus is vulnerable to arbitrary code execution. A stack buffer overflow flaw was found in the PAM authentication code in the OpenPegasus CIM management server. An unauthenticated remote user could trigger this flaw and potentially execute arbitrary code with root privileges.
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409
lists.vmware.com/pipermail/security-announce/2008/000014.html
osvdb.org/40082
secunia.com/advisories/28338
secunia.com/advisories/28462
secunia.com/advisories/29056
secunia.com/advisories/29785
secunia.com/advisories/29986
securitytracker.com/id?1019159
www.attrition.org/pipermail/vim/2008-January/001879.html
www.redhat.com/security/updates/classification/#critical
www.redhat.com/support/errata/RHSA-2008-0002.html
www.securityfocus.com/archive/1/490917/100/0/threaded
www.securityfocus.com/bid/27172
www.securityfocus.com/bid/27188
www.vupen.com/english/advisories/2008/0063
www.vupen.com/english/advisories/2008/0638
www.vupen.com/english/advisories/2008/1234/references
www.vupen.com/english/advisories/2008/1391/references
www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4129
access.redhat.com/errata/RHSA-2008:0002
bugzilla.redhat.com/show_bug.cgi?id=426578
exchange.xforce.ibmcloud.com/vulnerabilities/39527
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10282
www.redhat.com/archives/fedora-package-announce/2008-January/msg00424.html
www.redhat.com/archives/fedora-package-announce/2008-January/msg00480.html