Overland Guardian OS 5.1.041 privilege escalation

EDB-ID: 9955 CVE: 2009-4607 OSVDB-ID: 61789
Author: trompele Published: 2009-10-20 Verified: Verified
Exploit Code:   Download Vulnerable App:   N/A


Prev Home Next
Device: Snap Server 410
OS: GuardianOS 5.1.041
Description: When logged in to CLI via ssh as admin (uid=1) you can escalate your privileges to uid 0 and get /bin/sh. In order to achieve this open 'less' which is available as default for viewing files (ie. less /tmp/top.log) and type in '!/bin/sh'. This will give you direct access to sh shell with UID 0. Tested only on OS version as above.