Full title: Solarwinds LEM 6.3.1 Management Shell Arbitrary File Read Vulnerability 
Category: remote exploits
Platform: linux
The management shell on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 allows the end user to edit the MOTD banner displayed during SSH logon. The editor provided for this is nano. This editor has a keyboard mapped function which lets the user import a file from the local file system into the editor. An attacker can abuse this to read arbitrary files within the allowed permissions.

# 0day.today @ http://0day.today/