CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-30577 – Ubuntu Security Notice USN-6614-1
https://notcve.org/view.php?id=CVE-2023-30577
26 Jul 2023 — AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705. It was discovered that amanda did not properly check certain arguments. A local unprivileged attacker could possibly use this issue to perform a privilege escalation attack. • https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.4 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 6.7EPSS: 2%CPEs: 1EXPL: 1CVE-2022-37705 – Ubuntu Security Notice USN-5966-2
https://notcve.org/view.php?id=CVE-2022-37705
23 Mar 2023 — A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported), Maher Azzouzi discovered an information disclosure v... • https://github.com/MaherAzzouzi/CVE-2022-37705 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-37704 – Ubuntu Security Notice USN-5966-2
https://notcve.org/view.php?id=CVE-2022-37704
23 Mar 2023 — Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure. Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda. calcsize is a suid binary owned by root that could possibly be used by a malicious local attacker to expose sens... • https://github.com/MaherAzzouzi/CVE-2022-37704 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 3.3EPSS: 1%CPEs: 1EXPL: 1CVE-2022-37703 – Ubuntu Security Notice USN-5966-2
https://notcve.org/view.php?id=CVE-2022-37703
13 Sep 2022 — In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path. En Amanda versión 3.5.1, se encontró una vulnerabilidad de filtrado de información en el binario SUID de calcsize. Un atacante puede abusar de esta vulnerabilidad para saber si un directorio se presen... • https://github.com/MaherAzzouzi/CVE-2022-37703 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •