PT-2010-1426 · Gnu+1 · Less+2

Published

2010-01-13

Updated

2018-10-10

CVE-2009-4607

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Overland Storage Snap Server 410 with GuardianOS version 5.1.041

Description The command line interface in the affected software runs the less utility with higher privileges than the CLI user, without sufficient restrictions on shell escapes. This allows local users to gain privileges by using the ! character within less to access a privileged shell.

Recommendations For Overland Storage Snap Server 410 with GuardianOS version 5.1.041, consider restricting access to the less utility or running it with lowered privileges to minimize the risk of exploitation. As a temporary workaround, avoid using the ! character within less to prevent accessing a privileged shell.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2009-4607

Affected Products

Guardianos

Overland Storage Snap Server 410

Less

PT-2010-1426 · Gnu+1 · Less+2

CVE-2009-4607

Weakness Enumeration

Related Identifiers

Affected Products

References · 6