BlueCat Adonis DNS/DHCP CLI privilege escalation
| adonis-dnsdhcpcli-privilege-escalation (36082) |  Medium Risk |
Description:
The BlueCat Adonis DNS/DHCP appliance could allow a local attacker with administrator privileges to gain elevated privileges on the underlying operating system. By sending a specially-crafted command to the command line interface (CLI), an attacker could exploit this vulnerability to execute commands with root privileges on the Adonis device.
Platforms Affected:
- BlueCat Networks, Adonis 5.0.2.8 and prior
Remedy:
No remedy available as of December 2007.
Consequences:
Gain Privileges
References:
- BlueCat Adonis Web site, Adonis DNS management appliances, DNS server - BlueCat Networks at http://www.bluecatnetworks.com/products/adonis-dns-dhcp-appliances/.
- BugTraq Mailing List, Fri Jul 27 2007 - 06:36:40 CDT, TS-2007-003-0: BlueCat Networks Adonis CLI root privilege escalation at http://archives.neohapsis.com/archives/bugtraq/2007-08/0265.html.
- BID-25342: BlueCat Networks Adonis CLI Remote Privilege Escalation Vulnerability
- CVE-2007-4390: The Command Line Interface (CLI), aka Adonis Administration Console, on the BlueCat Networks Adonis DNS/DHCP appliance 5.0.2.8 allows local admin users to gain root privileges on the underlying operating system via shell metacharacters in a command.
- SA26495: BlueCat Networks Adonis CLI Privilege Escalation Vulnerability
- SECTRACK ID: 1018584: Adonis Command Line Interface Lets Local Administrative Users Gain Root Privileges
Reported:
Aug 16, 2007
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net