In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use opendir()
as root directly without checking the path, letting the attacker provide an arbitrary path.
{ "binaries": [ { "binary_name": "amanda-client", "binary_version": "1:3.5.1-1ubuntu0.3" }, { "binary_name": "amanda-common", "binary_version": "1:3.5.1-1ubuntu0.3" }, { "binary_name": "amanda-server", "binary_version": "1:3.5.1-1ubuntu0.3" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "amanda-client", "binary_version": "1:3.5.1-2ubuntu0.3" }, { "binary_name": "amanda-common", "binary_version": "1:3.5.1-2ubuntu0.3" }, { "binary_name": "amanda-server", "binary_version": "1:3.5.1-2ubuntu0.3" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "amanda-client", "binary_version": "1:3.5.1-8ubuntu1.3" }, { "binary_name": "amanda-common", "binary_version": "1:3.5.1-8ubuntu1.3" }, { "binary_name": "amanda-server", "binary_version": "1:3.5.1-8ubuntu1.3" } ], "availability": "No subscription required" }