Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 754
Alerts This Week
Warning Icon 1 754

Ubuntu 23.10: USN-6614-1 Critical: Amanda Escalation Attack

ubuntu
Calendar Grey January 30, 2024
Dist Ubuntu Esm H88
A significant blueprint flaw enables privilege elevation across various Ubuntu versions. Detailed update guidance is provided.
amanda could be used to escalate privilege if it was provided with specially crafted arguments.

Summary

amanda could be used to escalate privilege if it was provided with specially crafted arguments.

Software Description:

- amanda: Advanced Maryland Automatic Network Disk Archiver (Client)

Details:

It was discovered that amanda did not properly check certain arguments. A

local unprivileged attacker could possibly use this issue to perform a

privilege escalation attack.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
    amanda-client                   1:3.5.1-11ubuntu0.23.10.1

Ubuntu 22.04 LTS:
    amanda-client                   1:3.5.1-8ubuntu1.4

Ubuntu 20.04 LTS:
    amanda-client                   1:3.5.1-2ubuntu0.4

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
    amanda-client                   1:3.5.1-1ubuntu0.3+esm1

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-6614-1

  CVE-2023-30577

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6614-1

Package Information

  https://launchpad.net/ubuntu/+source/amanda/1:3.5.1-8ubuntu1.4
 

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.