CVE-2007-4226 - Vulnerability Details - OpenCVE

Directory traversal vulnerability in the BlueCat Networks Proteus IPAM appliance 2.0.2.0 (Adonis DNS/DHCP appliance 5.0.2.8) allows remote authenticated administrators, with certain TFTP privileges, to create and overwrite arbitrary files via a .. (dot dot) in a pathname. NOTE: this can be leveraged for administrative access by overwriting /etc/shadow.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bluecat Networks	Adonis

Configuration 1 [-]

cpe:2.3:h:bluecat_networks:adonis:5.0.2.8:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=118669433531027&w=2
http://osvdb.org/39397
http://secunia.com/advisories/26354
http://securityreason.com/securityalert/2986
http://securitytracker.com/id?1018521
http://www.securityfocus.com/archive/1/475667/100/0/threaded
http://www.securityfocus.com/bid/25214
http://www.vupen.com/english/advisories/2007/2840
https://exchange.xforce.ibmcloud.com/vulnerabilities/35807

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-08T22:00:00

Updated: 2024-08-07T14:46:39.400Z

Reserved: 2007-08-08T00:00:00

Link: CVE-2007-4226

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-08-08T22:17:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-4226

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-06T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the BlueCat Networks Proteus IPAM appliance 2.0.2.0 (Adonis DNS/DHCP appliance 5.0.2.8) allows remote authenticated administrators, with certain TFTP privileges, to create and overwrite arbitrary files via a .. (dot dot) in a pathname. NOTE: this can be leveraged for administrative access by overwriting /etc/shadow."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1018521", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1018521"}, {"name": "adonis-tftp-privilege-escalation(35807)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35807"}, {"name": "25214", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25214"}, {"name": "ADV-2007-2840", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2840"}, {"name": "2986", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2986"}, {"name": "20070809 Re: TS-2007-002-0: BlueCat Networks Adonis root Privilege Access", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=118669433531027&w=2"}, {"name": "20070806 TS-2007-002-0: BlueCat Networks Adonis root Privilege Access", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/475667/100/0/threaded"}, {"name": "39397", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/39397"}, {"name": "26354", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26354"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4226", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in the BlueCat Networks Proteus IPAM appliance 2.0.2.0 (Adonis DNS/DHCP appliance 5.0.2.8) allows remote authenticated administrators, with certain TFTP privileges, to create and overwrite arbitrary files via a .. (dot dot) in a pathname. NOTE: this can be leveraged for administrative access by overwriting /etc/shadow."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1018521", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018521"}, {"name": "adonis-tftp-privilege-escalation(35807)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35807"}, {"name": "25214", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25214"}, {"name": "ADV-2007-2840", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2840"}, {"name": "2986", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2986"}, {"name": "20070809 Re: TS-2007-002-0: BlueCat Networks Adonis root Privilege Access", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=118669433531027&w=2"}, {"name": "20070806 TS-2007-002-0: BlueCat Networks Adonis root Privilege Access", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/475667/100/0/threaded"}, {"name": "39397", "refsource": "OSVDB", "url": "http://osvdb.org/39397"}, {"name": "26354", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26354"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:46:39.400Z"}, "title": "CVE Program Container", "references": [{"name": "1018521", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1018521"}, {"name": "adonis-tftp-privilege-escalation(35807)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35807"}, {"name": "25214", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25214"}, {"name": "ADV-2007-2840", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2840"}, {"name": "2986", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2986"}, {"name": "20070809 Re: TS-2007-002-0: BlueCat Networks Adonis root Privilege Access", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=118669433531027&w=2"}, {"name": "20070806 TS-2007-002-0: BlueCat Networks Adonis root Privilege Access", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/475667/100/0/threaded"}, {"name": "39397", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/39397"}, {"name": "26354", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26354"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4226", "datePublished": "2007-08-08T22:00:00", "dateReserved": "2007-08-08T00:00:00", "dateUpdated": "2024-08-07T14:46:39.400Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:bluecat_networks:adonis:5.0.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "B832AF66-C44C-44EF-ADF7-8793962C2750", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the BlueCat Networks Proteus IPAM appliance 2.0.2.0 (Adonis DNS/DHCP appliance 5.0.2.8) allows remote authenticated administrators, with certain TFTP privileges, to create and overwrite arbitrary files via a .. (dot dot) in a pathname. NOTE: this can be leveraged for administrative access by overwriting /etc/shadow."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en el BlueCat Networks Proteus IPAM appliance 2.0.2.0 (Adonis DNS/DHCP appliance 5.0.2.8) permite a administradores autenticados remotamente, con determinados privilegios TFTP, crear y sobrescribir archivos de su elecci\u00f3n mediante un .. (punto punto) en un nombre de ruta. NOTA: esto puede ser aprovechado para obtener acceso administrativo sobrescribiendo /etc/shadow."}], "id": "CVE-2007-4226", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-08-08T22:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=118669433531027&w=2"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/39397"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26354"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2986"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://securitytracker.com/id?1018521"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/475667/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/25214"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2840"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35807"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=118669433531027&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/39397"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26354"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2986"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://securitytracker.com/id?1018521"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/475667/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/25214"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2840"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35807"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}