Bugtraq mailing list archives

Re: TS-2007-003-0: BlueCat Networks Adonis CLI root privilege escalation


From: security () bluecatnetworks com
Date: 20 Aug 2007 19:23:47 -0000

BlueCat Networks is aware of this situation involving the CLI (known as the Adonis Administration Console) that can 
give an admin user unauthorized root privileges on the system.

This situation may only arise if an administrator has admin login capabilities to the CLI, whether through SSH access or 
direct access to the system – i.e. monitor and keyboard.

Please note that this situation is only possible if someone has both access to the system and the admin password. In 
most customer environments such access should be highly restricted to trusted personnel. Commonly, those trusted 
personnel have access to the system with both the admin and the root passwords, which will give them root access 
regardless.

We would like to note that the Proteus IPAM appliance is not affected by this issue.


We are currently investigating this issue with the intention of amending the product to diminish the likelihood of this 
occurring.  A patch should be available shortly.  In the meantime, we are recommending that customers do all of the 
following:

1.      Check administrative access – make sure that only trustworthy people are chosen as administrators, so that 
only they will have access to the system, and will not abuse it.

2.      Change passwords if necessary and distribute new passwords only to valid trusted admins.

3.      Disable SSH remote access to the Adonis system – this will prevent users from accessing the system remotely, 
requiring direct access to the Adonis system for CLI access.

4.      Ensure that the Adonis system is physically secured – this will prevent unauthorized users from accessing the 
CLI.


Kindest regards,
BlueCat Networks Security

