PT-2007-5571 · Bluecat Networks · Adonis Dns/Dhcp

Publicado

2007-08-17

Atualizado

2018-10-15

CVE-2007-4390

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions BlueCat Networks Adonis DNS/DHCP appliance version 5.0.2.8

Description The issue allows local admin users to gain root privileges on the underlying operating system. This is achieved by exploiting shell metacharacters in a command within the Command Line Interface (CLI), also known as the Adonis Administration Console.

Recommendations For version 5.0.2.8, consider restricting access to the Command Line Interface to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using commands that may contain shell metacharacters in the Adonis Administration Console.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2007-4390

Produtos afetados

Adonis Dns/Dhcp

PT-2007-5571 · Bluecat Networks · Adonis Dns/Dhcp

CVE-2007-4390

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10