|[Home] [Credit Search] [Category Browser] [Staff Roll Call]||The LINUX.COM Article Archive|
|Originally Published: Wednesday, 3 November 1999||Author: Quentin Cregan|
|Published to: news_enhance_security/Security News||Page: 1/1 - [Std View]|
Amanda Multiple Vendor Root Compromise.
The Amanda backup package has a several vulnerabilities which will allow any user to gain root privs. My tests were done ONLY on FreeBSD 3.3-RELEASE, though this is almost certainly not the only vulnerable OS. A search for "amanda-2 and not freebsd" on altavista yields preliminary, unconfirmed data that some of the vulnerable OS's (based on packages that are included on install CD's, anyone can install Amanda to make themselves vulnerable) may be: RedHat ?.?, TurboLinux, PowerTools CD, SuSE 6.2 Confirmation on which OS's/tar's are vulnerable would be useful.