CVE-2009-4606

Sažetak

South River Technologies WebDrive 9.02 build 2232 installs the WebDrive Service without a security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.

Reference

http://osvdb.org/59080
http://retrogod.altervista.org/9sg_south_river_priv.html
http://secunia.com/advisories/37083
http://www.securityfocus.com/archive/1/507323/100/0/threaded
http://www.vupen.com/english/advisories/2009/2994
https://exchange.xforce.ibmcloud.com/vulnerabilities/53885

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

10-10-2018 - 19:49

Objavljeno

13-01-2010 - 11:30