[Git][security-tracker-team/security-tracker][master] CVE-2016-10730/amanda fixed with 1:3.3.9-1

[Tobias Frost (@tobi)]

Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4198326a by Tobias Frost at 2023-12-03T10:40:00+01:00
CVE-2016-10730/amanda fixed with 1:3.3.9-1

This vulnerability was fixed with the introduction of the security file, (man amanda-security.conf). The
said version is the first version in Debian that has this feature.

Verfified on buster and stretch that the PoC does not work, but bail out with:
e.g
security file '/etc/amanda-security.conf' do not allow to run '/tmp/runme.sh' as root for 'amstar:star_path'
when trying to run
/usr/lib/amanda/application/amstar restore --star-path=/tmp/runme.sh

(PoC is from https://www.exploit-db.com/exploits/39244/, as linked already in the tracker.)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -352265,7 +352265,7 @@ CVE-2018-18633
 CVE-2018-18632
 	RESERVED
 CVE-2016-10730 (An issue was discovered in Amanda 3.3.1. A user with backup privileges ...)
-	- amanda <unfixed> (unimportant)
+	- amanda 1:3.3.9-1 (unimportant)
 	NOTE: https://www.exploit-db.com/exploits/39244/
 	NOTE: /usr/lib/amanda/application/amstar can only be run by members of the backup
 	NOTE: group (which is root-equivalent due to being able to perform restores e.g.)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4198326a4f1dcfd8ab5329eddc25042fe190b9b5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4198326a4f1dcfd8ab5329eddc25042fe190b9b5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231203/fc3c9096/attachment.htm>