Lucene search

[email protected]CVE-2009-4607

HistoryJan 13, 2010 - 11:30 a.m.

CVE-2009-4607

2010-01-1311:30:00

CWE-264

[email protected]

web.nvd.nist.gov

overland storage

snap server

guardianos

privilege escalation

cve-2009-4607

nvd

6.8 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

The command line interface in Overland Storage Snap Server 410 with GuardianOS 5.1.041 runs the “less” utility with a higher-privileged uid than the CLI user and without sufficient restriction on shell escapes, which allows local users to gain privileges using the “!” character within less to access a privileged shell.

Affected configurations

NVD

Node

overlandstoragesnap_server_410

AND

overlandstorageguardianosMatch5.1.041

CPENameOperatorVersion
overlandstorage:snap_server_410overlandstorage snap server 410eq*
overlandstorage:guardianosoverlandstorage guardianoseq5.1.041

CPE	Name	Operator	Version
overlandstorage:snap_server_410	overlandstorage snap server 410	eq	*
overlandstorage:guardianos	overlandstorage guardianos	eq	5.1.041

References

www.juniper.net/security/auto/vulnerabilities/vuln36739.html

www.securityfocus.com/archive/1/507318/100/0/threaded

www.securityfocus.com/bid/36739

exchange.xforce.ibmcloud.com/vulnerabilities/53881

6.8 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2009-4607

prion1 nvd1 cvelist1