CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-30577
https://notcve.org/view.php?id=CVE-2023-30577
AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705. • https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.4 https://github.com/zmanda/amanda/security/advisories/GHSA-crrw-v393-h5q3 https://lists.debian.org/debian-lts-announce/2023/12/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OITHG7FBD7HQRX2XT75GSGWB3D6XSZU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YYGJJARVLRBMNWSNXKZBXZNX3M53OVPA • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 1CVE-2022-37705
https://notcve.org/view.php?id=CVE-2022-37705
A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported), • https://github.com/MaherAzzouzi/CVE-2022-37705 http://www.amanda.org https://github.com/zmanda/amanda/issues/192 https://github.com/zmanda/amanda/pull/194 https://github.com/zmanda/amanda/pull/196 https://github.com/zmanda/amanda/pull/204 https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3 https://lists.debian.org/debian-lts-announce/2023/12/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5DCLSX5YYTWM • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 1CVE-2022-37704
https://notcve.org/view.php?id=CVE-2022-37704
Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure. • https://github.com/MaherAzzouzi/CVE-2022-37704 http://www.amanda.org https://github.com/zmanda/amanda/issues/192 https://github.com/zmanda/amanda/pull/197 https://github.com/zmanda/amanda/pull/205 https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3 https://lists.debian.org/debian-lts-announce/2023/02/msg00025.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5DCLSX5YYTWMKSMDL67M5STZ5ZDSOXK https://lists.fedoraproject.org/a • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-37703
https://notcve.org/view.php?id=CVE-2022-37703
In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path. En Amanda versión 3.5.1, se encontró una vulnerabilidad de filtrado de información en el binario SUID de calcsize. Un atacante puede abusar de esta vulnerabilidad para saber si un directorio se presenta o no en cualquier parte del fs. • https://github.com/MaherAzzouzi/CVE-2022-37703 http://www.amanda.org https://bugs.gentoo.org/870037 https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3 https://lists.debian.org/debian-lts-announce/2023/12/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5DCLSX5YYTWMKSMDL67M5STZ5ZDSOXK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ATMGMVS3QDN6OMKMHGUTUTU7NS7HR3BZ https://lists.fedoraproject.org&# • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19469
https://notcve.org/view.php?id=CVE-2019-19469
In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials. En Zmanda Management Console versión 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= permite un ataque de tipo CSRF, como es demostrado mediante la inyección de comandos con metacaracteres de shell. • https://github.com/robertchrk/zmanda_exploit • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-352: Cross-Site Request Forgery (CSRF) •