4 results (0.013 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705. • https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.4 https://github.com/zmanda/amanda/security/advisories/GHSA-crrw-v393-h5q3 https://lists.debian.org/debian-lts-announce/2023/12/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OITHG7FBD7HQRX2XT75GSGWB3D6XSZU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YYGJJARVLRBMNWSNXKZBXZNX3M53OVPA • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 1

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported), • https://github.com/MaherAzzouzi/CVE-2022-37705 http://www.amanda.org https://github.com/zmanda/amanda/issues/192 https://github.com/zmanda/amanda/pull/194 https://github.com/zmanda/amanda/pull/196 https://github.com/zmanda/amanda/pull/204 https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3 https://lists.debian.org/debian-lts-announce/2023/12/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5DCLSX5YYTWM • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 1

Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure. • https://github.com/MaherAzzouzi/CVE-2022-37704 http://www.amanda.org https://github.com/zmanda/amanda/issues/192 https://github.com/zmanda/amanda/pull/197 https://github.com/zmanda/amanda/pull/205 https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3 https://lists.debian.org/debian-lts-announce/2023/02/msg00025.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5DCLSX5YYTWMKSMDL67M5STZ5ZDSOXK https://lists.fedoraproject.org/a • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1

In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path. En Amanda versión 3.5.1, se encontró una vulnerabilidad de filtrado de información en el binario SUID de calcsize. Un atacante puede abusar de esta vulnerabilidad para saber si un directorio se presenta o no en cualquier parte del fs. • https://github.com/MaherAzzouzi/CVE-2022-37703 http://www.amanda.org https://bugs.gentoo.org/870037 https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3 https://lists.debian.org/debian-lts-announce/2023/12/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5DCLSX5YYTWMKSMDL67M5STZ5ZDSOXK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ATMGMVS3QDN6OMKMHGUTUTU7NS7HR3BZ https://lists.fedoraproject.org&# • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •