Signature Detail
Short Name |
APP:AMANDA:AMANDA-ROOT-OF1 |
|---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Amanda Amindexd Remote Overflow (1) |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
APP: Amanda Amindexd Remote Overflow (1)
This signature detects attempts to exploit a known vulnerability against the amindexd daemon for Amanda, a popular UNIX file backup system. Without host system configuration knowledge, attackers can send long commands to the amindexd daemon in an effort to overflow the buffer and gain root access.
Extended Description
The AMANDA amcheck component is prone to a locally exploitable buffer overflow condition. The amcheck utility is installed setuid root by default. This may allow some local attackers to execute arbitrary instructions to gain root privileges, and is the result of insufficient bounds checking when processing command line input. It should be noted that the amcheck may only be executed by the user/group operator (on FreeBSD).
Affected Products
- AMANDA 2.3.0 .0.4
References
- BugTraq: 4840
- CVE: CVE-2002-0901
- URL: http://online.securityfocus.com/archive/82/274229
- URL: http://www.amanda.org/
- URL: http://www.net-security.org/vuln.php?id=1716