Changetrack Local Privilege Escalation Vulnerability Network Vulnerability

Summary

This host has Changetrack installed and is prone to Local Privilege Escalation vulnerability.

Impact

Attacker may leverage this issue by executing arbitrary commands via CRLF sequences and shell metacharacters in a filename in a directory that is checked by changetrack. Impact Level: Application

Solution

Upgrade to Changetrack version 4.7 or later For updates refer to http://changetrack.sourceforge.net/

Insight

This flaw is generated because the application does not properly handle certain file names.

Affected

Changetrack version 4.3

References

http://bugs.debian.org/546791
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546791
http://secunia.com/advisories/36756
http://www.openwall.com/lists/oss-security/2009/09/16/3

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3233
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Nortel/Bay Networks default password
Adobe Flash Media Server Privilege Escalation Vulnerability
Mozilla Products Privilege Escalation Vulnerabily (Windows)
Multiple Brickcom Devices Authentication Bypass Vulnerability
Nortel Default Username and Password

Take action and discover your vulnerabilities