Lucene search

[email protected]CVE-2009-4606

HistoryJan 13, 2010 - 11:30 a.m.

CVE-2009-4606

2010-01-1311:30:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2009-4606

south river technologies

webdrive service

security descriptor

local users

arbitrary commands

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

South River Technologies WebDrive 9.02 build 2232 installs the WebDrive Service without a security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.

Affected configurations

NVD

Node

south_river_technologieswebdriveMatch9.02build_2232

CPENameOperatorVersion
south_river_technologies:webdrivesouth river technologies webdriveeq9.02

CPE	Name	Operator	Version
south_river_technologies:webdrive	south river technologies webdrive	eq	9.02

References

osvdb.org/59080

retrogod.altervista.org/9sg_south_river_priv.html

secunia.com/advisories/37083

www.securityfocus.com/archive/1/507323/100/0/threaded

www.vupen.com/english/advisories/2009/2994

exchange.xforce.ibmcloud.com/vulnerabilities/53885

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2009-4606

nvd1 packetstorm1 openvas2 prion1 seebug1 cvelist1