Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker
Commits: 4198326a by Tobias Frost at 2023-12-03T10:40:00+01:00 CVE-2016-10730/amanda fixed with 1:3.3.9-1 This vulnerability was fixed with the introduction of the security file, (man amanda-security.conf). The said version is the first version in Debian that has this feature. Verfified on buster and stretch that the PoC does not work, but bail out with: e.g security file '/etc/amanda-security.conf' do not allow to run '/tmp/runme.sh' as root for 'amstar:star_path' when trying to run /usr/lib/amanda/application/amstar restore --star-path=/tmp/runme.sh (PoC is from https://www.exploit-db.com/exploits/39244/, as linked already in the tracker.) - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -352265,7 +352265,7 @@ CVE-2018-18633 CVE-2018-18632 RESERVED CVE-2016-10730 (An issue was discovered in Amanda 3.3.1. A user with backup privileges ...) - - amanda <unfixed> (unimportant) + - amanda 1:3.3.9-1 (unimportant) NOTE: https://www.exploit-db.com/exploits/39244/ NOTE: /usr/lib/amanda/application/amstar can only be run by members of the backup NOTE: group (which is root-equivalent due to being able to perform restores e.g.) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4198326a4f1dcfd8ab5329eddc25042fe190b9b5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4198326a4f1dcfd8ab5329eddc25042fe190b9b5 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits