APP: Amanda Amindexd Remote Overflow (2)
This signature detects attempts to exploit a known vulnerability against the DATE command in the amindexd daemon for Amanda, a popular UNIX file backup system. Without prior host system configuration knowledge, attackers can send long commands to the amindexd daemon at TCP/10082 to overflow the buffer and gain root access.
Extended Description
The AMANDA amcheck component is prone to a locally exploitable buffer overflow condition. The amcheck utility is installed setuid root by default. This may allow some local attackers to execute arbitrary instructions to gain root privileges, and is the result of insufficient bounds checking when processing command line input. It should be noted that the amcheck may only be executed by the user/group operator (on FreeBSD).
Affected Products
Amanda amanda
References
BugTraq: 4840
CVE: CVE-2002-0901
URL: http://online.securityfocus.com/archive/82/274229 http://www.net-security.org/vuln.php?id=1716 http://www.amanda.org/
Short Name
APP:AMANDA:AMANDA-ROOT-OF2
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
(2) Amanda Amindexd CVE-2002-0901 Overflow Remote bid:4840
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
TCP/10082
False Positive
Unknown
Vendors
Amanda
CVSS Score
10.0