Short Name | APP:AMANDA:AMANDA-ROOT-OF2 |
---|---|
Severity | Critical |
Recommended | No |
Recommended Action | Drop |
Category | APP |
Keywords | Amanda Amindexd Remote Overflow (2) |
Release Date | 2003/04/22 |
Update Number | 1213 |
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects attempts to exploit a known vulnerability in the DATE command of the amindexd daemon for Amanda, a popular UNIX file backup system. Without prior knowledge of the host system's configuration, attackers can send long commands to the amindexd daemon at TCP/10082 to overflow the buffer and gain root access.

The AMANDA amcheck component is prone to a locally exploitable buffer overflow condition. The amcheck utility is installed setuid root by default. The overflow results from insufficient bounds checking when processing command-line input, and may allow some local attackers to execute arbitrary instructions to gain root privileges. Note that amcheck may only be executed by the user/group operator (on FreeBSD).