South River Technologies WebDrive 9.02 build 2232 installs the WebDrive Service without a security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2010-01-13T11:00:00
Updated: 2024-08-07T07:08:37.930Z
Reserved: 2010-01-12T00:00:00
Link: CVE-2009-4606
Vulnrichment
No data.
NVD
Status : Modified
Published: 2010-01-13T11:30:00.373
Modified: 2018-10-10T19:49:20.777
Link: CVE-2009-4606
Redhat
No data.