CVE-2002-0901: Improper Restriction of Operations within the Bounds of a Memory Buffer in Amanda

4 documents, 4 sources
Severity: 10.0 CRITICAL (NVD)
EPSS: 6.3% (top 9.03%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Oct 4
Latest update: Apr 30

Description

Multiple buffer overflows in Advanced Maryland Automatic Network Disk Archiver (AMANDA) 2.3.0.4 allow (1) remote attackers to execute arbitrary code via long commands to the amindexd daemon, or certain local users to execute arbitrary code via long command line arguments to the programs (2) amcheck, (3) amgetidx, (4) amtrmidx, (5) createindex-dump, or (6) createindex-gnutar.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (3 packages)

debian | debian/amanda | < amanda 2.4.0b6-1 (bookworm)
Debian | amanda/amanda | < 2.4.0b6-1+2
NVD | amanda/amanda | 2.3.0.4

Patches

Vulnerability Details (2)

GHSA | GHSA-4ff8-c98x-v6m4: Multiple buffer overflows in Advanced Maryland Automatic Network Disk Archiver (AMANDA) 2 | 2022-04-30
OSV | CVE-2002-0901: Multiple buffer overflows in Advanced Maryland Automatic Network Disk Archiver (AMANDA) 2 | 2002-10-04

Vendor Advisories (1)

Debian | CVE-2002-0901: amanda - Multiple buffer overflows in Advanced Maryland Automatic Network Disk Archiver (... | 2002