BlueCat Networks Adonis CLI Remote Privilege Escalation Vulnerability
BID:25342
Info
| Bugtraq ID: | 25342 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-4390 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 16 2007 12:00AM |
| Updated: | Apr 16 2015 06:10PM |
| Credit: | forloop of Template Security is credited with the discovery of this issue. |
| Vulnerable: | Bluecat Networks Adonis (Firmware) 5.0.2.8 |
| Not Vulnerable: | Bluecat Networks Adonis (Firmware) 5.0.5 |
Discussion
BlueCat Networks Adonis devices are prone to a remote privilege-escalation vulnerability because the software fails to properly sanitize user-supplied input.
An attacker with administrative privileges can exploit this issue to execute arbitrary shell commands with superuser privileges. A successful attack will result in the complete compromise of an affected appliance.
Adonis 5.0.2.8 is vulnerable; other versions may also be affected.
Exploit / POC
The following example exploit command is available:
set host-name ;bash
Solution / Fix
Solution:
The vendor released Adonis 5.0.5 to address this issue. Please contact the vendor for information on how to obtain and apply the fix.
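For readers who maintain similar appliance CLIs, the following is an added example (not code from the vendor or from the original advisory) of the input validation the Discussion says was missing: the `set host-name` argument is checked against RFC 1123 and handed on as an argv list rather than a shell string. The function names and the `/bin/hostname` backend command are assumptions made for illustration.

```python
import re
import shlex

# RFC 1123 label: letters, digits, hyphens; no leading or trailing hyphen; 1-63 chars.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_valid_hostname(name):
    """Accept only RFC 1123 host names of at most 253 characters."""
    if not name or len(name) > 253:
        return False
    return all(_LABEL.fullmatch(label) for label in name.split("."))


def unsafe_shell_string(value):
    """Flawed pattern (assumed): the raw value is pasted into a shell command line."""
    return "hostname " + value


def shell_tokens(command):
    """Tokenize the way a POSIX shell would, keeping ; | & and friends as tokens."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def build_hostname_argv(cli_line):
    """Parse 'set host-name <name>' and return an argv list for exec without a shell.

    Raises ValueError for malformed commands and for names that are not
    valid host names, so shell metacharacters never reach a command line.
    """
    parts = cli_line.split()
    if len(parts) != 3 or parts[:2] != ["set", "host-name"]:
        raise ValueError("usage: set host-name <name>")
    if not is_valid_hostname(parts[2]):
        raise ValueError("invalid host name: %r" % parts[2])
    # Hypothetical backend command; pass this list to subprocess.run(argv)
    # with shell=False so the value stays a single argument.
    return ["/bin/hostname", parts[2]]


if __name__ == "__main__":
    # Constructed inputs: one legitimate name and the command quoted in this advisory.
    for line in ("set host-name ns1.example.com", "set host-name ;bash"):
        try:
            print(line, "->", build_hostname_argv(line))
        except ValueError as err:
            print(line, "-> rejected:", err)
```

`shell_tokens(unsafe_shell_string(";bash"))` shows why the unvalidated form is dangerous: the shell sees a command separator followed by a second command, not a host name.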
References
References:
- Vendor Homepage (BlueCat Networks)
- Re: TS-2007-003-0: BlueCat Networks Adonis CLI root privilege escalation
- TS-2007-003-0: BlueCat Networks Adonis CLI root privilege escalation ("anonymous.c7ffa4057a")