Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1:3.5.1-1ubuntu0.3", "binary_name": "amanda-client" }, { "binary_version": "1:3.5.1-1ubuntu0.3", "binary_name": "amanda-client-dbgsym" }, { "binary_version": "1:3.5.1-1ubuntu0.3", "binary_name": "amanda-common" }, { "binary_version": "1:3.5.1-1ubuntu0.3", "binary_name": "amanda-common-dbgsym" }, { "binary_version": "1:3.5.1-1ubuntu0.3", "binary_name": "amanda-server" }, { "binary_version": "1:3.5.1-1ubuntu0.3", "binary_name": "amanda-server-dbgsym" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1:3.5.1-2ubuntu0.3", "binary_name": "amanda-client" }, { "binary_version": "1:3.5.1-2ubuntu0.3", "binary_name": "amanda-client-dbgsym" }, { "binary_version": "1:3.5.1-2ubuntu0.3", "binary_name": "amanda-common" }, { "binary_version": "1:3.5.1-2ubuntu0.3", "binary_name": "amanda-common-dbgsym" }, { "binary_version": "1:3.5.1-2ubuntu0.3", "binary_name": "amanda-server" }, { "binary_version": "1:3.5.1-2ubuntu0.3", "binary_name": "amanda-server-dbgsym" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1:3.5.1-8ubuntu1.3", "binary_name": "amanda-client" }, { "binary_version": "1:3.5.1-8ubuntu1.3", "binary_name": "amanda-client-dbgsym" }, { "binary_version": "1:3.5.1-8ubuntu1.3", "binary_name": "amanda-common" }, { "binary_version": "1:3.5.1-8ubuntu1.3", "binary_name": "amanda-common-dbgsym" }, { "binary_version": "1:3.5.1-8ubuntu1.3", "binary_name": "amanda-server" }, { "binary_version": "1:3.5.1-8ubuntu1.3", "binary_name": "amanda-server-dbgsym" } ] }