Vulnerability Description
South River Technologies WebDrive 9.02 build 2232 installs the WebDrive Service without a security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| South River Technologies | Webdrive | 9.02 |
Related Weaknesses (CWE)
References
- http://osvdb.org/59080
- http://retrogod.altervista.org/9sg_south_river_priv.html
- http://secunia.com/advisories/37083Vendor Advisory
- http://www.securityfocus.com/archive/1/507323/100/0/threaded
- http://www.vupen.com/english/advisories/2009/2994Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53885
- http://osvdb.org/59080
- http://retrogod.altervista.org/9sg_south_river_priv.html
- http://secunia.com/advisories/37083Vendor Advisory
- http://www.securityfocus.com/archive/1/507323/100/0/threaded
- http://www.vupen.com/english/advisories/2009/2994Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53885
FAQ
What is CVE-2009-4606?
CVE-2009-4606 is a vulnerability with a CVSS score of 7.2 (HIGH). South River Technologies WebDrive 9.02 build 2232 installs the WebDrive Service without a security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitr...
How severe is CVE-2009-4606?
CVE-2009-4606 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4606?
Check the references section above for vendor advisories and patch information. Affected products include: South River Technologies Webdrive.