Privilege escalation : Changetrack Local Privilege Escalation Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.900868

Categoría: Privilege escalation

Título: Changetrack Local Privilege Escalation Vulnerability

Resumen: Changetrack is prone to a local privilege; escalation vulnerability.

Descripción: Summary:
Changetrack is prone to a local privilege
escalation vulnerability.

Vulnerability Insight:
This flaw is generated because the application does not properly handle
certain file names.

Vulnerability Impact:
Attacker may leverage this issue by executing arbitrary commands via CRLF
sequences and shell metacharacters in a filename in a directory that is
checked by changetrack.

Affected Software/OS:
Changetrack version 4.3

Solution:
Upgrade to Changetrack version 4.7 or later

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-3233
BugTraq ID: 36420
http://www.securityfocus.com/bid/36420
http://www.openwall.com/lists/oss-security/2009/09/16/3
http://secunia.com/advisories/36756

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.900868
Categoría:	Privilege escalation
Título:	Changetrack Local Privilege Escalation Vulnerability
Resumen:	Changetrack is prone to a local privilege; escalation vulnerability.
Descripción:	Summary: Changetrack is prone to a local privilege escalation vulnerability. Vulnerability Insight: This flaw is generated because the application does not properly handle certain file names. Vulnerability Impact: Attacker may leverage this issue by executing arbitrary commands via CRLF sequences and shell metacharacters in a filename in a directory that is checked by changetrack. Affected Software/OS: Changetrack version 4.3 Solution: Upgrade to Changetrack version 4.7 or later CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3233 BugTraq ID: 36420 http://www.securityfocus.com/bid/36420 http://www.openwall.com/lists/oss-security/2009/09/16/3 http://secunia.com/advisories/36756
Copyright	Copyright (C) 2009 Greenbone AG