Search CVE reports


Toggle filters

1 – 6 of 6 results


CVE-2023-30577

Medium priority

Some fixes available 4 of 7

AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.

1 affected packages

amanda

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
amanda Not affected Fixed Fixed Fixed Ignored
Show less packages

CVE-2022-37705

High priority

Some fixes available 5 of 6

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that...

1 affected packages

amanda

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
amanda Fixed Fixed Fixed Ignored
Show less packages

CVE-2022-37704

Medium priority

Some fixes available 5 of 6

Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to...

1 affected packages

amanda

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
amanda Fixed Fixed Fixed Ignored
Show less packages

CVE-2022-37703

Low priority

Some fixes available 5 of 6

In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root...

1 affected packages

amanda

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
amanda Fixed Fixed Fixed Ignored
Show less packages

CVE-2016-10730

Medium priority
Vulnerable

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and...

1 affected packages

amanda

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
amanda Not affected Not affected Not affected Not affected Vulnerable
Show less packages

CVE-2016-10729

Medium priority
Vulnerable

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users...

1 affected packages

amanda

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
amanda Not affected Not affected Not affected Not affected Vulnerable
Show less packages