Test ID:	1.3.6.1.4.1.25623.1.0.800159
Category:	Privilege escalation
Title:	South River Technologies WebDrive Local Privilege Escalation Vulnerability
Summary:	South River Technologies WebDrive is prone to a local privilege escalation vulnerability.
Description:	Summary: South River Technologies WebDrive is prone to a local privilege escalation vulnerability. Vulnerability Insight: The flaw is due to the WebDrive Service being installed without security descriptors, which could be exploited by local attackers to, - stop the service via the stop command - restart the service via the start command - execute arbitrary commands with elevated privileges by changing the service 'binPath' configuration. Vulnerability Impact: Successful exploitation will let the local attacker to execute arbitrary commands with an elevated privileges. Affected Software/OS: South River WebDrive version 9.02 build 2232 and prior on Windows. Solution: Upgrade to South River WebDrive version 9.10 or later CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4606 Bugtraq: 20091020 South River Technologies WebDrive Service Bad Security Descriptor Local Elevation Of Privileges (Google Search) http://www.securityfocus.com/archive/1/507323/100/0/threaded http://retrogod.altervista.org/9sg_south_river_priv.html http://osvdb.org/59080 http://secunia.com/advisories/37083 http://www.vupen.com/english/advisories/2009/2994 XForce ISS Database: webdrive-webdrive-privilege-escalation(53885) https://exchange.xforce.ibmcloud.com/vulnerabilities/53885
Copyright	Copyright (C) 2010 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.