CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-30577 – Ubuntu Security Notice USN-6614-1
https://notcve.org/view.php?id=CVE-2023-30577
26 Jul 2023 — AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705. It was discovered that amanda did not properly check certain arguments. A local unprivileged attacker could possibly use this issue to perform a privilege escalation attack. • https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.4 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-37704 – Ubuntu Security Notice USN-5966-2
https://notcve.org/view.php?id=CVE-2022-37704
23 Mar 2023 — Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure. Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda. calcsize is a suid binary owned by root that could possibly be used by a malicious local attacker to expose sens... • https://github.com/MaherAzzouzi/CVE-2022-37704 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.7EPSS: 2%CPEs: 1EXPL: 1CVE-2022-37705 – Ubuntu Security Notice USN-5966-2
https://notcve.org/view.php?id=CVE-2022-37705
23 Mar 2023 — A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported), Maher Azzouzi discovered an information disclosure v... • https://github.com/MaherAzzouzi/CVE-2022-37705 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19469
https://notcve.org/view.php?id=CVE-2019-19469
01 Dec 2019 — In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials. En Zmanda Management Console versión 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= permite un ataque de tipo CSRF, como es demostrado mediante la inyección de comandos con metacaracteres de shell. • https://github.com/robertchrk/zmanda_exploit • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2016-10729
https://notcve.org/view.php?id=CVE-2016-10729
24 Oct 2018 — An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root. Se ha descubierto un problema en Amanda 3.3.1. Un usuario con privilegios backup puede comprometer de forma trivial una instalación de cliente. • https://www.exploit-db.com/exploits/39217 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2016-10730
https://notcve.org/view.php?id=CVE-2016-10730
24 Oct 2018 — An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. • https://www.exploit-db.com/exploits/39244 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 6%CPEs: 1EXPL: 0CVE-2009-3102
https://notcve.org/view.php?id=CVE-2009-3102
08 Sep 2009 — The doHotCopy subroutine in socket-server.pl in Zmanda Recovery Manager (ZRM) for MySQL 2.x before 2.1.1 allows remote attackers to execute arbitrary commands via vectors involving a crafted $MYSQL_BINPATH variable. La subrutina soHotCopy en socket-server.pl en Zmanda Recovery Manager (ZRM) para MySQL v2.x anterior a v2.1.1, permite a atacantes remotos ejecutar comandos de su elección a través de vectores que involucran una variable $MYSQL_BINPATH manipulada. • http://forums.zmanda.com/showthread.php?p=8068 • CWE-20: Improper Input Validation •