Vulnerabilities > CVE-2007-4226 - Remote Privilege Escalation vulnerability in Bluecat Networks Adonis 5.0.2.8
Attack vector
NETWORK Attack complexity
HIGH Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Directory traversal vulnerability in the BlueCat Networks Proteus IPAM appliance 2.0.2.0 (Adonis DNS/DHCP appliance 5.0.2.8) allows remote authenticated administrators, with certain TFTP privileges, to create and overwrite arbitrary files via a .. (dot dot) in a pathname. NOTE: this can be leveraged for administrative access by overwriting /etc/shadow.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Hardware | 1 |
Exploit-Db
| description | BlueCat Networks Adonis 5.0.2 .8 TFTP Remote Privilege Escalation Vulnerability. CVE-2007-4226. Remote exploit for linux platform |
| id | EDB-ID:30454 |
| last seen | 2016-02-03 |
| modified | 2007-08-06 |
| published | 2007-08-06 |
| reporter | defaultroute |
| source | https://www.exploit-db.com/download/30454/ |
| title | BlueCat Networks Adonis 5.0.2.8 - TFTP Remote Privilege Escalation Vulnerability |
References
- http://marc.info/?l=bugtraq&m=118669433531027&w=2
- http://osvdb.org/39397
- http://secunia.com/advisories/26354
- http://securityreason.com/securityalert/2986
- http://securitytracker.com/id?1018521
- http://www.securityfocus.com/archive/1/475667/100/0/threaded
- http://www.securityfocus.com/bid/25214
- http://www.vupen.com/english/advisories/2007/2840
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35807