CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-30577 – Ubuntu Security Notice USN-6614-1
https://notcve.org/view.php?id=CVE-2023-30577
26 Jul 2023 — AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705. It was discovered that amanda did not properly check certain arguments. A local unprivileged attacker could possibly use this issue to perform a privilege escalation attack. • https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.4 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2016-10729
https://notcve.org/view.php?id=CVE-2016-10729
24 Oct 2018 — An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root. Se ha descubierto un problema en Amanda 3.3.1. Un usuario con privilegios backup puede comprometer de forma trivial una instalación de cliente. • https://www.exploit-db.com/exploits/39217 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2016-10730
https://notcve.org/view.php?id=CVE-2016-10730
24 Oct 2018 — An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. • https://www.exploit-db.com/exploits/39244 • CWE-264: Permissions, Privileges, and Access Controls •