Wednesday, 3 November 1999
Amanda Multiple Vendor Root Compromise.

The Amanda backup package has several vulnerabilities which will allow any user to gain root privs. My tests were done ONLY on FreeBSD 3.3-RELEASE, though this is almost certainly not the only vulnerable OS. A search for "amanda-2 and not freebsd" on AltaVista yields preliminary, unconfirmed data that some of the vulnerable OSes (based on packages that are included on install CDs; anyone can install Amanda to make themselves vulnerable) may be: RedHat ?.?, TurboLinux, PowerTools CD, SuSE 6.2. Confirmation of which OSes/tars are vulnerable would be useful.