CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-37703
https://notcve.org/view.php?id=CVE-2022-37703
In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path. En Amanda versión 3.5.1, se encontró una vulnerabilidad de filtrado de información en el binario SUID de calcsize. Un atacante puede abusar de esta vulnerabilidad para saber si un directorio se presenta o no en cualquier parte del fs. • https://github.com/MaherAzzouzi/CVE-2022-37703 http://www.amanda.org https://bugs.gentoo.org/870037 https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3 https://lists.debian.org/debian-lts-announce/2023/12/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5DCLSX5YYTWMKSMDL67M5STZ5ZDSOXK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ATMGMVS3QDN6OMKMHGUTUTU7NS7HR3BZ https://lists.fedoraproject.org&# • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2002-0901
https://notcve.org/view.php?id=CVE-2002-0901
Multiple buffer overflows in Advanced Maryland Automatic Network Disk Archiver (AMANDA) 2.3.0.4 allow (1) remote attackers to execute arbitrary code via long commands to the amindexd daemon, or certain local users to execute arbitrary code via long command line arguments to the programs (2) amcheck, (3) amgetidx, (4) amtrmidx, (5) createindex-dump, or (6) createindex-gnutar. Múltiples desbordamientos de búfer en Advanced Maryland Automatic Disk Archiver (AMANDA) 2.3.0.4 permite a atacantes remotos, ejecutar código arbitrario mediante comandos largos al demonio amindexk, o a ciertos usuarios locales ejecutar código arbitrario mediante un argumento de línea de comando largo a los programas amcheck amgetidx amtrmidx createindex-dump, or createindex-gnutar • http://online.securityfocus.com/archive/1/274215 http://www.iss.net/security_center/static/9181.php http://www.iss.net/security_center/static/9182.php http://www.securityfocus.com/bid/4836 http://www.securityfocus.com/bid/4840 •