CVE-2002-0901

Name of the Vulnerable Software and Affected Versions: Advanced Maryland Automatic Network Disk Archiver (AMANDA) version 2.3.0.4

Description: The issue concerns buffer overflows that can be exploited by remote attackers to execute arbitrary code via long commands to the amindexd daemon. Additionally, certain local users can execute arbitrary code via long command line arguments to specific programs, including amcheck, amgetidx, amtrmidx, createindex-dump, and createindex-gnutar.

Recommendations: For Advanced Maryland Automatic Network Disk Archiver (AMANDA) version 2.3.0.4, consider restricting access to the amindexd daemon and limiting the use of long command line arguments for the affected programs as a temporary mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.