On Mon, 1 Nov 1999, Peter Walker wrote:
> I think it is fair to say that there is a problem with the amanda package
> as it is shipped on the FreeBSD 3.3 CD, rather than with the amanda backup
> system itself. It would be interesting to find out if any other "standard"
> os distributions have sim
On Mon, 1 Nov 1999, Chris Tobkin wrote:
> I doubt that this is OS specific in the installation, but all the installs
> of amanda i've seen (and have running here) have runtar suid root, but
> perm'd to 7450 (other can't exec it). It may be part of the packages
> bundled with FreeBSD.. All of our
On Nov 1, 1999, monti <[EMAIL PROTECTED]> wrote:
> I confirmed a few exploitable buffer overflows in multiple suid's on an
> earlier version of amanda on BSDI as well a while back. As I recollect
> 'runtar' was one of them.
It's probably time to refresh your view :-)
Amanda has undergone a maj
If memory serves me right, Alexandre Oliva wrote:
> On Nov 1, 1999, Brock Tellier <[EMAIL PROTECTED]> wrote:
>
> > On my system (FreeBSD 3.3-RELEASE + amanda-2.4.1 package included on CD):
>
> > -rwsr-xr-x root/wheel
>
> > And thus ANY user, not just amanda/bin/operator can exploit runtar.
> > Ob
On Nov 1, 1999, Brock Tellier <[EMAIL PROTECTED]> wrote:
> On my system (FreeBSD 3.3-RELEASE + amanda-2.4.1 package included on CD):
> -rwsr-xr-x root/wheel
> And thus ANY user, not just amanda/bin/operator can exploit runtar.
> Obviously, from the replies I've recieved, this is an error in th
On Nov 1, 1999, Rob <[EMAIL PROTECTED]> wrote:
>> Amanda's "runtar" program, suid root by default on FreeBSD 3.3, calls
>> /usr/bin/tar and passes all args given to runtar to this program. Tar is
> FWIW, runtar does not need to be suid root if the amanda user (defaults to
> user "amanda") has r
Comments in-line below
*** REPLY SEPARATOR ***
On 11/1/99 at 6:04 PM Brock Tellier wrote:
>On my system (FreeBSD 3.3-RELEASE + amanda-2.4.1 package included on CD):
>
>-rwsr-xr-x root/wheel
>
>And thus ANY user, not just amanda/bin/operator can exploit runtar.
>Obviously, from
>Amanda's "runtar" program, suid root by default on FreeBSD 3.3, calls
>/usr/bin/tar and passes all args given to runtar to this program. Tar is
FWIW, runtar does not need to be suid root if the amanda user (defaults to
user "amanda") has read access to the raw disks. This is typically
accomplis
hi,
I confirmed a few exploitable buffer overflows in multiple suid's on an
earlier version of amanda on BSDI as well a while back. As I recollect
'runtar' was one of them.
I apologize that I cant provide anything more specific than this, but it
was some time ago and I misplace my notes on it. Y
[EMAIL PROTECTED] wrote:
>This is almost true. This exploit can only be performed as the user >amanda
>is installed under (generally amanda, operator, or bin), because by
>default the file has the following permissions:
>$ ls -l /usr/local/libexec/runtar
>-rwsr-x--- 1 root amanda 46568
On Sat, 30 Oct 1999, Tellier, Brock wrote:
> Greetings,
>
> OVERVIEW:
> The Amanda backup package has a several vulnerabilities which
> will allow any user to gain root privs.
>
> BACKGROUND:
> My tests were done ONLY on FreeBSD 3.3-RELEASE, though this is almost
> certainly not the only vulnerab
[...]
> DETAILS:
>
> Amanda's "runtar" program, suid root by default on FreeBSD 3.3, calls
> /usr/bin/tar and passes all args given to runtar to this program. Tar is
> thus run with root permissions and is vulnerable to all of the same
> attacks on suid programs that it would have if it were suid
Greetings,
OVERVIEW:
The Amanda backup package has a several vulnerabilities which
will allow any user to gain root privs.
BACKGROUND:
My tests were done ONLY on FreeBSD 3.3-RELEASE, though this is almost
certainly not the only vulnerable OS. A search for "amanda-2 and not
freebsd" on altavista
On Nov 2, 1999, Robert Watson <[EMAIL PROTECTED]> wrote:
> It should also be pointed out that the symlink bug described in the
> original post seems to be a bug in Amanda that is not platform-specific --
> I haven't seen any further comment on that, only on the package
> installation.
Amanda cr
On Nov 2, 1:43pm, Robert Watson wrote:
> Subject: Re: [Re: Amanda multiple vendor local root compromises]
...
> It should also be pointed out that the symlink bug described in the
> original post seems to be a bug in Amanda that is not platform-specific --
> I haven't seen any f
15 matches
Mail list logo