Re: TS-2007-003-0: BlueCat Networks Adonis CLI root privilege escalation
BlueCat Networks is aware of this situation involving the CLI (known as the
Adonis Administration Console) that can give an admin user unauthorized root
privileges on the system.
This situation may only arise if an administrator has admin login capabilities
to the CLI whether through SSH access or direct access to the system ? i.e.
monitor and keyboard.
Please note that this situation is only possible if someone has both access to
the system and the admin password. In most customer environments such access
should be highly restricted to trusted personnel. Commonly, those trusted
personnel have access to the system with both the admin and the root passwords,
which will give them root access regardless.
We would like to note that the Proteus IPAM appliance is not affected by this
issue
We are currently investigating this issue with the intention of amending the
product to diminish the likelihood of this occurring. A patch should be
available shortly. In the meantime, we are recommending that customers do all
of the following:
1. Check administrative access ? make sure that only trustworthy people
are chosen as administrators, so that only they will have access to the
system, and will not abuse it.
2. Change passwords if necessary and distribute new passwords only to
valid trusted admins.
3. Disable SSH remote access to the Adonis system ? this will prevent
users from accessing the system remotely requiring direct access to the Adonis
system for CLI access.
4. Ensure that the Adonis system is physically secured ? this will prevent
unauthorized users from accessing the CLI.
Kindest regards,
BlueCat Networks Security