PT-2007-5419 · Bluecat Networks · Bluecat Networks Adonis Dns/Dhcp Appliance

Published: 2007-08-08 · Updated: 2018-10-15 · CVE-2007-4226

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

BlueCat Networks Proteus IPAM appliance version 2.0.2.0
BlueCat Networks Adonis DNS/DHCP appliance version 5.0.2.8

Description

The issue allows remote authenticated administrators with certain TFTP privileges to create and overwrite arbitrary files by using a .. (dot dot) in a pathname. This can potentially be used to gain administrative access by overwriting the /etc/shadow file.

Recommendations

For BlueCat Networks Proteus IPAM appliance version 2.0.2.0, restrict TFTP privileges to prevent exploitation. For BlueCat Networks Adonis DNS/DHCP appliance version 5.0.2.8, limit access to sensitive files such as /etc/shadow to minimize the risk of unauthorized modifications.


Related Identifiers

CVE-2007-4226

Affected Products

Bluecat Networks Adonis Dns/Dhcp Appliance
Bluecat Networks Proteus Ipam Appliance