Summary
This host has Changetrack installed and is prone to Local Privilege Escalation vulnerability.
Impact
Attacker may leverage this issue by executing arbitrary commands via CRLF sequences and shell metacharacters in a filename in a directory that is checked by changetrack.
Impact Level: Application
Solution
Upgrade to Changetrack version 4.7 or later
For updates refer to http://changetrack.sourceforge.net/
Insight
This flaw is generated because the application does not properly handle certain file names.
Affected
Changetrack version 4.3
References
Severity
Classification
-
CVE CVE-2009-3233 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Default password router Zyxel
- Mozilla Products Privilege Escalation Vulnerabily (MAC OS X)
- Mozilla Products 'NoWaiverWrapper' Privilege Escalation Vulnerability (Mac OS X)
- VMAX Web Viewer Default Credentials Authentication Bypass Vulnerability
- Sun VirtualBox 'VBoxNetAdpCtl' Privilege Escalation Vulnerability