Overland Guardian OS 5.1.041 - Privilege Escalation

EDB-ID: 9955 CVE: 2009-4607 OSVDB-ID: 61789
Verified: Author: trompele Published: 2009-10-20
Download Exploit: Source Raw Download Vulnerable App: N/A
Device: Snap Server 410
OS: GuardianOS 5.1.041
Description: When logged in to CLI via ssh as admin (uid=1) you can escalate your privileges to uid 0 and get /bin/sh. In order to achieve this open 'less' which is available as default for viewing files (ie. less /tmp/top.log) and type in '!/bin/sh'. This will give you direct access to sh shell with UID 0. Tested only on OS version as above.