Lucene search
+L

211 matches found

OSV
OSV
added 2023/03/23 2:28 p.m.5 views

USN-5966-2 amanda regression

USN-5966-1 fixed vulnerabilities in amanda. Unfortunately it introduced a regression in GNUTAR-based backups. This update reverts all of the changes in amanda until a better fix is provided. We apologize for the inconvenience. Original advisory details: Maher Azzouzi discovered an information...

5.8AI score
Exploits0References2
Ubuntu
Ubuntu
added 2023/03/23 6:20 a.m.56 views

USN-5966-1: amanda vulnerabilities

Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda. calcsize is a suid binary owned by root that could possibly be used by a malicious local attacker to expose sensitive file system information. CVE-2022-37703 Maher Azzouzi discovered a privilege...

6.7CVSS6.2AI score0.01246EPSS
Exploits3
OSV
OSV
added 2023/03/23 6:20 a.m.4 views

USN-5966-1 amanda vulnerabilities

Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda. calcsize is a suid binary owned by root that could possibly be used by a malicious local attacker to expose sensitive file system information. CVE-2022-37703 Maher Azzouzi discovered a privilege...

6.7CVSS6.6AI score0.01246EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2023/03/23 12:0 a.m.9 views

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : amanda regression (USN-5966-2)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5966-2 advisory. USN-5966-1 fixed vulnerabilities in amanda. Unfortunately it introduced a regression in GNUTAR-based backups. This update...

5.6AI score
Exploits0References1
OpenVAS
OpenVAS
added 2023/03/23 12:0 a.m.25 views

Ubuntu: Security Advisory (USN-5966-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.7CVSS5.4AI score0.01246EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2023/03/22 12:0 a.m.25 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : amanda vulnerabilities (USN-5966-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5966-1 advisory. Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda...

6.7CVSS6.2AI score0.01246EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2023/03/15 12:0 a.m.29 views

openSUSE 15 Security Update : amanda (openSUSE-SU-2023:0069-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0069-1 advisory. - A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the...

6.7CVSS6.8AI score0.01246EPSS
Exploits3References7
OSV
OSV
added 2023/03/14 1:49 p.m.8 views

OPENSUSE-SU-2023:0069-1 Security update for amanda

This update for amanda fixes the following issues: - CVE-2022-37704: fix privilege escalation via rundump boo1208033, ghzmanda/amanda195 - CVE-2022-37705: fix privilege escalation via runtar suid binary boo1208032, ghzmanda/amanda194...

6.7CVSS6.8AI score0.01246EPSS
Exploits3References5
OPENSUSE Linux
OPENSUSE Linux
added 2023/03/14 12:0 a.m.9 views

Security update for amanda (important)

openSUSE Security Update: Security update for amanda Announcement ID: openSUSE-SU-2023:0069-1 Rating: important References: 1208032 1208033 Cross-References: CVE-2022-37704 CVE-2022-37705 CVSS scores: CVE-2022-37704 SUSE: 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-37705 SUSE: 7.8...

7.8CVSS7.9AI score0.01246EPSS
Exploits3References2
OSV
OSV
added 2023/03/10 11:5 a.m.6 views

OESA-2023-1149 amanda security update

AMANDA, the Advanced Maryland Automatic Network Disk Archiver, is a backup system that allows the administrator of a LAN to set up a single master backup server to back up multiple hosts to a single large capacity tape or disk drive. Amanda uses native tools such as GNUtar, dump for backup and ca...

6.7CVSS7.2AI score0.01246EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2023/02/22 12:0 a.m.31 views

Debian dla-3330 : amanda-client - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3330 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3330-1 [email protected] https://www.debian.org/lts/security/...

6.7CVSS6.5AI score0.00526EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2023/02/22 12:0 a.m.15 views

Debian: Security Advisory (DLA-3330-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.7CVSS6.5AI score0.00526EPSS
Exploits1References3
Debian
Debian
added 2023/02/21 10:0 p.m.21 views

[SECURITY] [DLA 3330-1] amanda security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3330-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb February 21, 2023 https://wiki.debian.org/LTS -...

6.7CVSS6.8AI score0.00526EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/02/15 4:53 a.m.5 views

SUSE CVE-2016-10729

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root...

6.7CVSS7.8AI score0.01187EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:53 a.m.4 views

SUSE CVE-2016-10730

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing t...

7.8CVSS7.1AI score0.00558EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.4 views

SUSE CVE-2022-37704

Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure...

7.8CVSS6.8AI score0.00526EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.3 views

SUSE CVE-2022-37703

In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use opendir as root directly without checking the path, letting the attacker provide an...

4CVSS6.4AI score0.00703EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.6 views

SUSE CVE-2022-37705

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the...

7.8CVSS6.9AI score0.01246EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 2023/02/07 12:57 p.m.25 views

CVE-2022-37704

A flaw was found in Amanda. The rundump SUID binary executes /usr/sbin/dump as root without properly validating its arguments, possibly leading to escalation of privileges from the regular user "amandabackup" to root...

6.7CVSS6.6AI score0.00526EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2023/02/07 12:57 p.m.45 views

CVE-2022-37705

A flaw was found in Amanda. The runtar SUID binary executes /usr/bin/tar as root without properly validating its arguments, possibly leading to escalation of privileges from the regular user "amandabackup" to root...

6.7CVSS6.6AI score0.01246EPSS
Exploits2References4
Rows per page
Query Builder