OPENSUSE-SU-2024:12706-1 amanda-3.5.2-3.1 on GA media

These are all security issues fixed in the amanda-3.5.2-3.1 package on the GA media of openSUSE Tumbleweed...

DEBIAN-CVE-2022-37705

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the...

USN-5966-1 amanda vulnerabilities

Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda. calcsize is a suid binary owned by root that could possibly be used by a malicious local attacker to expose sensitive file system information. CVE-2022-37703 Maher Azzouzi discovered a privilege...

SUSE CVE-2016-10729

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root...

Exploit for Command Injection in Zmanda Amanda

Suggested description Amanda 3.5.1 has a flaw that allows...

Multiple buffer overflows in amanda

Local andremote buffer overflows...