[Git][security-tracker-team/security-tracker][master] CVE-2016-10729/amanda fixed with 1:3.3.9-1

Tobias Frost (@tobi) tobi at debian.org
Sun Dec 3 09:42:35 GMT 2023



Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ccd23215 by Tobias Frost at 2023-12-03T10:42:18+01:00
CVE-2016-10729/amanda fixed with 1:3.3.9-1

This vulnerability was fixed with the introduction of the security file, (man amanda-security.conf). The
said version is the first version in Debian that has this feature.

Verfified on buster and stretch that the PoC does not work, but bail out with:
e.g
security file '/etc/amanda-security.conf' do not allow to run '/tmp/runme.sh' as root for 'amstar:star_path'
when trying to run
/usr/lib/amanda/application/amstar restore --star-path=/tmp/runme.sh

(PoC is from https://www.exploit-db.com/exploits/39217/, as linked already in the tracker.)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -352270,7 +352270,7 @@ CVE-2016-10730 (An issue was discovered in Amanda 3.3.1. A user with backup priv
 	NOTE: /usr/lib/amanda/application/amstar can only be run by members of the backup
 	NOTE: group (which is root-equivalent due to being able to perform restores e.g.)
 CVE-2016-10729 (An issue was discovered in Amanda 3.3.1. A user with backup privileges ...)
-	- amanda <unfixed> (unimportant)
+	- amanda 1:3.3.9-1 (unimportant)
 	NOTE: https://www.exploit-db.com/exploits/39217/
 	NOTE: /usr/lib/amanda/runtar can only be run by members of the backup
 	NOTE: group (which is root-equivalent due to being able to perform restores e.g.)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ccd232156b6a0011e6b43973dd827cf74f5700d1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ccd232156b6a0011e6b43973dd827cf74f5700d1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231203/1ec931e8/attachment.htm>


More information about the debian-security-tracker-commits mailing list