The command line interface in Overland Storage Snap Server 410 with GuardianOS 5.1.041 runs the "less" utility with a higher-privileged uid than the CLI user and without sufficient restriction on shell escapes, which allows local users to gain privileges using the "!" character within less to access a privileged shell.
References
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2010-01-13 11:30
Updated : 2024-02-28 11:41
NVD link : CVE-2009-4607
Mitre link : CVE-2009-4607
CVE.ORG link : CVE-2009-4607
JSON object : View
Products Affected
overlandstorage
- snap_server_410
- guardianos
CWE
CWE-264
Permissions, Privileges, and Access Controls